Monitoring ThreatLockerService Through Kaseya VSA

Overview 

This article will cover how to setup monitoring ThreatLockerService through Kaseya VSA. 

Assign Event Set 

• Under Agent Monitoring on the left-hand side menu, select ‘Event Log Alerts’ 

• Check the box for the applicable Machine.Group ID 
• In the Assign Event Set tab: 
• Select event log type: Application 
• Check the box for Information  
• Define events to match or ignore: < New Event Set >  
• In the popup window, enter the Event Set Name and click ‘New’ 
• Under the Source Filter, type ‘ThreatLockerService’, click ‘Add’, click ‘Deploy’, and then click ‘Close’ 

• Check the box for the applicable Machine.Group ID 
• Select your event from the Define events to match or ignore drop-down menu 

Set Alert Actions 

• Under the Set Alert Actions tab, check the box for Create Alarm and click ‘Apply’ 

• The alert will show under the Email Address/Event Set column of the selected Machine.Group ID. 

Filter the Audit Logs to View ThreatLockerService  

• Under the Audit and View Individual Data dropdowns on the left-hand side menu, select ‘Machine Summary’ 
• Under Agent Logs, in your search parameters select ‘Event Logs’ and ‘Application’, choose your start and end dates, and click ‘Filter’ 
• In the popup window, select all event categories, type in the name of your Event Source (this should match what you inputted for Source Filter), type in 0 as your Event ID, and click ‘Apply’ 

• ThreatLockerService appears when it initially starts or is restarted.