ThreatLocker
Overview
Threatlocker is a zero-trust security solution that offers a unified approach to protecting users, devices, and networks against the exploitation of zero day vulnerabilities.
Available Integrations
| Product(s) | Supported Asset Type(s) | Integration Type |
|---|---|---|
| ThreatLocker | Devices | Source |
Why You Should Integrate
Integrating with ThreatLocker will allow for more insight into your devices by reporting computers with valuable information in Aurora ASM.
How Does the Integration Work
Depending on the access schema you select, this integration collects device information for all devices discovered by ThreatLocker in one of two ways:
- Report-based schemas (
Instance ID / Auth KeyandPortal API Key (Reports, legacy)) pull the "All-Computers" or "All Computers - Including Child Organizations" report. Portal API Key (Computer API)retrieves computers directly from ThreatLocker's Computer API, without requiring a pre-built report. This method also associates the last logged-in user with each device.
This data is only used internally; we do not share it with any parties outside of Arctic Wolf Networks. Refer to our privacy policy for details.
Please review the configuration instructions in the section below before setting up permissions for apps.
Configuration
- Choose an Access Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with an external product. The following are the available schemas:
- Instance ID / Auth Key: Authenticates using your ThreatLocker Instance ID and Auth Key, and pulls device data from a ThreatLocker report.
- Portal API Key (Reports, legacy): Authenticates using your ThreatLocker Instance ID and Portal API Key, and pulls device data from a ThreatLocker report via the
portalapiendpoints. - Portal API Key (Computer API): Authenticates using your ThreatLocker Instance ID and Portal API Key, and retrieves devices directly from the
portalapiComputer API. This schema does not require a pre-built report.
Instance ID / Auth Key
| Field | Description | Example |
|---|---|---|
Instance ID | The instance ID is the single letter found in your portal URL. (Ex. https://portal.x.threatlocker.com) | x |
Skip TLS Certification Validation* | Skip certificates validation when using a certificate that is self-signed or unable to be validated through a proper certificate authority. | n/a |
Auth Key* | The Auth Key provided by ThreatLocker | ABCDEF0123456789 |
Portal API Key (Reports, legacy)
| Field | Description | Example |
|---|---|---|
Instance ID | The instance ID is the single letter found in your portal URL. (Ex. https://portal.x.threatlocker.com) | x |
Skip TLS Certification Validation* | Skip certificates validation when using a certificate that is self-signed or unable to be validated through a proper certificate authority. | n/a |
Auth Key* | The Portal API Key provided by ThreatLocker | ABCDEF0123456789 |
Portal API Key (Computer API)
| Field | Description | Example |
|---|---|---|
Instance ID | The instance ID is the single letter found in your portal URL. (Ex. https://portal.x.threatlocker.com) | x |
Skip TLS Certification Validation* | Skip certificates validation when using a certificate that is self-signed or unable to be validated through a proper certificate authority. | n/a |
Auth Key* | The Portal API Key provided by ThreatLocker | ABCDEF0123456789 |
-
Add an Integration: Select the integration(s) you'd like to add.
- Collect devices
| Field | Description | Example |
|---|---|---|
Organization ID | The Organization ID that you would like to pull devices from | ABCDEF0123456789 |
- Configure General Information: OPTIONAL: You can use the following fields to provide additional information about your configuration.
| Field | Description | Example |
|---|---|---|
Name (optional) | Uniquely identifiable attribute of the configuration to delineate other similar configurations with the existing organization. | DMZ network |
Contact Person (optional) | A placeholder to input a name or email address of a contact associated with the integration. | Jane Doe |
Link to Console (optional) | A placeholder to input a link to the console of the product Aurora ASM is integrating with for quick reference and access when configuring or editing the integration. | www.product.com/devices |
Email me about frequent errors | Select this toggle to receive an email whenever an Integration has a ≥30% error rate in a 24-hour period. | n/a |
- Activate Config: Select "Activate" to enable this configuration and begin pulling data.
Source Documentation
Creating Credentials
For information about authenticating your integration, contact your Threatlocker representative.
Required Permissions
The account used must have permission to pull all reports (for the report-based schemas) or read access to computers (for the Portal API Key (Computer API) schema).
Contact Us
If you're having problems configuring an Integration, or if you've found something wrong in this document, please email us at [email protected].
Updated 3 days ago