Threatlocker Agent Deployment
Purpose
The Purpose of this solution is to deploy a threatlocker agent on both Windows and Mac machines.
Associated Content
| Content | Type | Function |
|---|---|---|
| Threatlocker Agent Deployment | Script | Deploys Threatlocker agent on both MAC and Windows machines |
| Deploy Threatlocker Agent | Internal Monitor | Detects machines missing Threatlocker agent |
△ Custom - Execute Script - Threatlocker Agent Deployment | Alert Template | Executes the Threatlocker Agent Deployment on the machines detected by the Deploy Threatlocker Agent internal monitor |
Implementation
Step 1
Import the following content using the ProSync Plugin:
- Script: Threatlocker Agent Deployment
- Internal Monitor: Deploy Threatlocker Agent
- Alert Template:
△ Custom - Execute Script - Threatlocker Agent Deployment
Step 2
Reload the system cache:
Step 3
Configure the solution as outlined below:
-
Run the script Threatlocker Agent Deployment script on any agent by setting the
Set_environmentto1in order to create associated system properties.
-
Navigate to
Automation-->Monitorswithin the CWA Control Center and setup the following:-
Internal Monitor - ProVal - Production - Deploy Threatlocker Agent
- Apply
△ Custom - Execute Script - Threatlocker Agent Deploymentalert template on the monitor - Right-click and Run Now to start the monitor
- Apply
-
Step 4
For Windows Deployment:
- Enter the Threatlocker Authorization key in System Properties under system property
ThreatLockerAuthKey - Enter the Organization name in Client EDF
Threatlocker_Organization_Name - Enter the Threatlocker Group ID in Client EDF
ThreatlockerGroupID
For MAC Deployment:
- Enter Threatlocker Mac in Client EDF
ThreatLockerMacGroupKey
