How to Set Up Cyber Hero Management
Cyber Hero Management allows the ThreatLocker Cyber Heroes to handle requests from your end users and make decisions on your behalf using ThreatLocker judgment and any additional instructions you provide. However, there may be times when a request requires your attention. We will escalate those requests to the administrator(s) that you have selected. Note: Cyber Hero Management will not handle Elevation or Storage Control requests, as we cannot validate the storage devices as safe, nor the need to run anything as administrator.
To enable Cyber Hero Management, navigate to the Organizations page. Be sure to enable Cyber Hero Management from the 'Product' dropdown list by selecting the checkbox next to it.
Select the 'Configure Cyber Hero Management' button located below the 'Product' dropdown menu.
The Organization Settings menu will populate with the Cyber Hero Management tab open.
These settings will need to be configured per Organization. Once specified on the Parent Organization, you can select the 'Use Parent Settings' checkbox for each Child Organization you would like to use the same settings.
In the top box, you need to specify all the administrators that you want to receive escalation notifications. If you don't make a selection in this area, by default ThreatLocker will send notifications to all super-admins for the organization. You can select the administrators' email addresses from the dropdown and click 'Add' between each one.
Below the escalation contact list is a list of ThreatLocker's default rules that will be applied when processing requests on your behalf. They are as follows:
- Business Applications Only
- Computer Level Permits as much as possible
- Extensions require 4* and a high number of users and reviews (or be from a well-known company such as Google)
- No Games
- No Existing Matches
- No Network Scanning or MSP Tools (e.g. PuTTY, PSexec, Rufus)
- No Remote Access unless specified
- Meeting Applications are ok unless otherwise specified
At the bottom, there is a text box where you can input any additional instructions or exceptions you would like to make to the default ThreatLocker rules.
Finally, click the 'Save' button in the top left-hand corner.
Computer Group Settings
By default, these Cyber Hero Request instructions that are set at the organization will be applied to all computer groups within that organization. These organization-wide settings can be overridden at the computer group level if desired.
Navigate to the Computer Groups page. Select the edit button next to the group you would like to change these settings on. At the bottom of the edit window, deselect 'Use Organization Settings' and input the instructions you wish to be used for this computer group's Cyber Hero Management Requests.
Allowing the Cyber Heroes to Make Changes on Your Behalf
Using Cyber Hero Management will grant the Cyber Heroes Full Control access to your ThreatLocker account.
Note: ThreatLocker Cyber Hero Management does not have the capability to put any devices into Learning, Installation, or Monitor Mode. We also cannot, under any circumstances, place devices into a state of Tamper Protection Disabled.
Escalate to MSP
For instances in which the Cyber Heroes are unable to process a request, they will escalate the approval to the administrator you have designated. That administrator will receive an email that will link them directly to the request. Any items that have been escalated will also be visible on the 'Approval Center' page, and will be highlighted and marked as 'Escalated from the ThreatLocker Cyber Heroes'. There is also the option to search for all items that have been Escalated to MSP from the search dropdown box on the Approval Center page.
Once an item has been escalated, the email the MSP receives is a no-reply email. It will be up to the MSP to action the request. If you need to add additional instructions for the Cyber Heroes to use when processing future requests, please log into the ThreatLocker portal and edit the instructions.