How to filter logs by user or application?

This document outlines the step-by-step process for filtering logs by user or application in the ThreatLocker Dashboard.

This article is a part of our ThreatLocker How-to Guides series, Chapter 10 – Monitoring, Logs and Reports.

Introduction

The Unified Audit module in ThreatLocker allows you to view and filter security logs for deeper analysis. Using Advanced Search, you can quickly locate specific activity based on a user or application, making it easier to investigate incidents or monitor usage.

Implementation

Step 1: Access the Unified Audit

  1. Log in to the ThreatLocker Portal.
  2. From the left-hand menu, navigate to Unified Audit.

Step 2: Filter Logs by User

  1. In the filter section:
     • Set the Start Date and End Date for the log search.
     • In Group By, select Username.
  2. Click the filter icon to open Advanced Search.
  3. In Advanced Search:
     • Set Field to Username.
     • Set Rule to Equals.
     • Set Keyword to the username you want to search for.
     • Click Search to display the logs for that user.

Conclusion

By enabling alert notifications in ThreatLocker, you can stay updated on critical user requests in real time, helping you respond quickly to operational needs or potential security concerns.
