Long Arrow Right External Link angle-right Search Send Times Loader chevron-down thumb-up thumb-down Spinner angle-left
Go to ThreatLocker

Monitoring ThreatLockerService Through Kaseya VSA

Overview 

This article will cover how to setup monitoring ThreatLockerService through Kaseya VSA. 

Assign Event Set 

  • Under Agent Monitoring on the left-hand side menu, select ‘Event Log Alerts’ 
undefined

  • Check the box for the applicable Machine.Group ID 
  • In the Assign Event Set tab: 
    • Select event log type: Application 
    • Check the box for Information  
    • Define events to match or ignore: < New Event Set >  
    • In the popup window, enter the Event Set Name and click ‘New’ 
    • Under the Source Filter, type ‘ThreatLockerService’, click ‘Add’, click ‘Deploy’, and then click ‘Close’ 
undefined

undefined

  • Check the box for the applicable Machine.Group ID 
  • Select your event from the Define events to match or ignore drop-down menu 
undefined

Set Alert Actions 

  • Under the Set Alert Actions tab, check the box for Create Alarm and click ‘Apply’ 
undefined

  • The alert will show under the Email Address/Event Set column of the selected Machine.Group ID. 
undefined

Filter the Audit Logs to View ThreatLockerService  

  • Under the Audit and View Individual Data dropdowns on the left-hand side menu, select ‘Machine Summary’ 
  • Under Agent Logs, in your search parameters select ‘Event Logs’ and ‘Application’, choose your start and end dates, and click ‘Filter’ 
  • In the popup window, select all event categories, type in the name of your Event Source (this should match what you inputted for Source Filter), type in 0 as your Event ID, and click ‘Apply’ 
undefined
  • ThreatLockerService appears when it initially starts or is restarted.
undefined

Did this answer your question?
Thanks so much for your feedback!
%s of people found this helpful.