ThreatLocker Inspector Summary

Summary

PropertyValue
Production StatusBeta
CategoryApps & Services
DiscoversThreatLocker Child Inspectors (one per Organization)

Description

The ThreatLocker Inspector enables you to automatically collect endpoint security and policy data from the ThreatLocker Portal API. The inspector authenticates to your MSP portal, automatically discovers each managed organization, and creates one Liongard Environment per organization for cross-tenant visibility and reporting.

The inspector collects data for:

  • Allowlisting
  • Elevation
  • Storage Control
  • Network Control
  • Configuration Manager
  • Detect Policies
  • Users

Data View Information

Parent Overview Table

The Parent Inspector provides an MSP-wide view of your ThreatLocker environment, including:

  • MSP Summary
    • Child Organizations
    • Total Endpoints Across MSP
    • Users

Parent Data Tab Headers

  • MSP Overview
  • Organizations
  • MSP Users

Child Overview Data Table

Organization Overview

  • Organization Name
  • Organization ID
  • Modules Included
  • Onboarded
  • Billing Model
  • License Method
  • Total Computers Installed
  • Total Computers Secured
  • Device Security Coverage (%)
  • Stale Computers (no check-in in 7 days)
  • Denied Actions (1d)
  • Denied Actions (3d)
  • Denied Actions (7d)
  • Computer Groups
  • Mobile Devices
  • Application Policies
  • Local Admin Users
  • Local Admin Policies
  • Network Policies
  • Storage Policies
  • Configuration Manager Policies
  • Detect Policies
  • Users

Child Data Tab Headers

  • Overview
  • Computers
  • Computer Groups
  • Mobile Devices
  • Application Policies
  • Local Admin Users
  • Local Admin Policies
  • Network Policies
  • Storage Policies
  • Configuration Manager
  • Detect Policies
  • Users

Metrics

  • ThreatLocker: Child Organization Count
  • ThreatLocker: MSP Total Endpoints
  • ThreatLocker: Total Computers Installed
  • ThreatLocker: Total Computers Secured
  • ThreatLocker: Device Security Coverage (%)
  • ThreatLocker: Stale Computers (>7d)
  • ThreatLocker: Denied Activity - Last 1 Day
  • ThreatLocker: Denied Activity - Last 3 Days
  • ThreatLocker: Denied Activity - Last 7 Days
  • ThreatLocker: Computer Groups Count
  • ThreatLocker: Mobile Device Count
  • ThreatLocker: Geolocation Enabled Devices
  • ThreatLocker: Active Application Policies
  • ThreatLocker: Inactive Application Policies
  • ThreatLocker: Active Network Policies
  • ThreatLocker: Active Storage Policies
  • ThreatLocker: Configuration Manager Policy Count
  • ThreatLocker: Active Detect Policies
  • ThreatLocker: Users Without MFA
  • ThreatLocker: Users With Stale Passwords (>90d)
  • ThreatLocker: Users With No Recent Login (>30d)

Actionable Alerts

  • TBD


Did this page help you?