ThreatLocker
in development
Cory Gegg
What is kind of use case do you need for this integration?
Dashboard, widgets and reports for Reviewing and reporting on Several manual tasks in Threatlocker
Do you have the dataset API in your mind already?
Yes
ActionLog ApprovalRequest Computer ComputerCheckin MaintenanceMode Organization Report Tag ThreatLockerVersion
Do you have widgets design already?
No
Do you have bot use case already?
Yes
Deleting inactive Computers Org onboarding and offboarding Setting administrator permissions.
Can you help to connect with the vendor to provide the help needed to do the development?
Yes
Where is the API documentation URL?
Will pay?
no, I will not pay
Log In
D
David Hu
marked this post as
in development
This post was marked as
development queue
D
David Hu
Hi Darryl Cresswell / Cory Gegg / Gary Harlam / Liam Furlong and all voters,
thank you for this incredible breakdown! This is exactly the kind of deep-dive feedback that drives our best integrations.
We completely agree that ThreatLocker is a cornerstone of the MSP stack. Based on your detailed requirements, our team has fast-tracked the design of a new app concept we are calling "ThreatLocker 360 Orchestrator".
We have built an executable Mock Prototype that aims to solve the pain points you listed, plus a bit more:
✅ Hygiene Monitor (Your Request): We've designed widgets to track Device Security Status (Secured vs. Learning Mode), Agent Versions, and Connectivity, just as you described.
💰 Revenue Guard (The Value Add): Taking your "Offline/Inactive" idea further, we added a logic to flag "Zombie Devices" (offline > 30 days). This helps you instantly identify wasted spend across your entire stack (ThreatLocker + RMM + AV licenses), directly addressing the billing visibility you mentioned.
🛡️ Shadow Hunter (Bonus): We also integrated a module to detect high-risk "Shadow IT" (like unauthorized AnyDesk/TeamViewer) by cross-referencing ThreatLocker audits with your RMM inventory.
The Goal: To give you a single view that covers both Operational Health and Profitability.
We believe this covers your feature request and adds a layer of ROI automation. We’d love to know—does this "Health + Revenue" approach hit the mark for your team?
Please give it a try.
Darryl Cresswell
David Hu I LOVE THIS! Awesome cant wait to see this in action!
D
David Hu
Darryl Cresswell
Thanks, very hapy that you like it.
Based on your votes, we have designed a Mock-up for the upcoming ThreatLocker Integration. Before we write the final code, we want to ensure this design solves your actual pain points and prioritize the features that matter most.
Please take 2 minutes to answer the questions below. Your input will directly determine which capabilities are included in the Standard Version vs. the Power Pack.
- The "Pain" Check Looking at the "Approval Requests" widget in the mock-up:
[ ] It’s nice to have, but we mainly manage this inside the ThreatLocker portal.
[ ] It’s a game-changer. Seeing this data centrally in MSPbots would significantly speed up our triage process.
- Feature Necessity vs. Value We are considering two levels of functionality. Please select which level your MSP actually needs to operate efficiently:
Level 1 (Visibility Only):
View "Computers in Maintenance Mode"
View "Pending Approval Requests"
View "ThreatLocker Version Status"
(Cost: Included in Standard)
Level 2 (Action & Automation - The "Power Pack"):
Action: One-click "Approve/Deny" requests directly from the MSPbots Dashboard (No need to login to TL).
Bot: Auto-remove computers from Maintenance Mode after X hours.
Bot: Alert & Auto-ticket when a computer is missing the TL agent.
(Cost: Paid Add-on / Premium Tier)
- The ROI Calculation If the Level 2 (Automation) features above could save your technicians from logging into the ThreatLocker portal 10-20 times a day:
How many hours per month would that save your team?
[ ] < 2 hours
[ ] 2 - 5 hours
[ ] 5+ hours (High ROI)
- Willingness to Pay Based on the value defined above, which option fits your business model?
Option A: I only need the Level 1 (Read-only) dashboards. I am not interested in paying extra for actions or bots.
Option B: The Level 2 (Actions/Bots) capabilities are critical. I would be willing to pay a monthly add-on fee (e.g., equivalent to 1 hour of technician time) to enable these automations and bi-directional features.
- Missing Criticals Is there any specific data point missing from the mock-up that would stop you from using this App?
[ Open Text ]
Gary Harlam
David Hu When I click the link, I'm getting an error:
{
"error": "File not found",
"path": "/threatlocker360"
}
D
David Hu
Gary Harlam:
I updated the url. please give it a try.
D
David Hu
Gary Harlam:
Based on your votes, we have designed a Mock-up for the upcoming ThreatLocker Integration. Before we write the final code, we want to ensure this design solves your actual pain points and prioritize the features that matter most.
Please take 2 minutes to answer the questions below. Your input will directly determine which capabilities are included in the Standard Version vs. the Power Pack.
The "Pain" Check Looking at the "Approval Requests" widget in the mock-up:
[ ] It’s nice to have, but we mainly manage this inside the ThreatLocker portal.
[ ] It’s a game-changer. Seeing this data centrally in MSPbots would significantly speed up our triage process.
Feature Necessity vs. Value We are considering two levels of functionality. Please select which level your MSP actually needs to operate efficiently:
Level 1 (Visibility Only):
View "Computers in Maintenance Mode"
View "Pending Approval Requests"
View "ThreatLocker Version Status"
(Cost: Included in Standard)
Level 2 (Action & Automation - The "Power Pack"):
Action: One-click "Approve/Deny" requests directly from the MSPbots Dashboard (No need to login to TL).
Bot: Auto-remove computers from Maintenance Mode after X hours.
Bot: Alert & Auto-ticket when a computer is missing the TL agent.
(Cost: Paid Add-on / Premium Tier)
The ROI Calculation If the Level 2 (Automation) features above could save your technicians from logging into the ThreatLocker portal 10-20 times a day:
How many hours per month would that save your team?
[ ] < 2 hours
[ ] 2 - 5 hours
[ ] 5+ hours (High ROI)
Willingness to Pay Based on the value defined above, which option fits your business model?
Option A: I only need the Level 1 (Read-only) dashboards. I am not interested in paying extra for actions or bots.
Option B: The Level 2 (Actions/Bots) capabilities are critical. I would be willing to pay a monthly add-on fee (e.g., equivalent to 1 hour of technician time) to enable these automations and bi-directional features.
Missing Criticals Is there any specific data point missing from the mock-up that would stop you from using this App?
[ Open Text ]
Gary Harlam
David Hu We would likely use he reporting funcctions. We don't have many clients on the platform so paying for extra services that are not often used would likely not happen. I do like the idea of some notificaiton bots if they could be include and not part of a premium package.
D
David Hu
Gary Harlam:
Thanks for the feedback!
Clarification on Bots: Since you are already using our platform, you will have access to the Dataset-based Bots (e.g., sending alerts/notifications based on ThreatLocker data). The "Premium" distinction is mainly for Direct UI Actions (e.g., clicking "Approve" or "Deny" directly inside the MSPbots dashboard without logging into the ThreatLocker portal). So, the notification use case you mentioned is safe!
🚀 Big Update: We have officially secured a Partnership with ThreatLocker!
Are you ready to connect your ThreatLocker account now? We can get your data flowing very soon so you can see the results.
D
David Hu
Darryl Cresswell:
We have officially secured a Partnership with ThreatLocker!
We can starting to get your data flowing very soon so you can see the results.
Gary Harlam
David Hu Of course!
t
tyler tanner
David Hu
[ x] It’s nice to have, but we mainly manage this inside the ThreatLocker portal. This is subject to change the current workflow. we are still working on adoption rate for mspbots. but this is something i could see changing that for our team.
[ ] It’s a game-changer. Seeing this data centrally in MSPbots would significantly speed up our triage process.
Feature Necessity vs. Value We are considering two levels of functionality. Please select which level your MSP actually needs to operate efficiently:
Level 1 (Visibility Only):
View "Computers in Maintenance Mode"
View "Pending Approval Requests"
View "ThreatLocker Version Status"
(Cost: Included in Standard)
Level 2 (Action & Automation - The "Power Pack"):
Action: One-click "Approve/Deny" requests directly from the MSPbots Dashboard (No need to login to TL). Un needed right now. but if the implementation is good. it may help us with getting this product off of our tv's and on to the techs main screens.
Bot: Auto-remove computers from Maintenance Mode after X hours.
I like this idea but i believe our noc has a script that does this as is.
Bot: Alert & Auto-ticket when a computer is missing the TL agent.
Big fan of this.
(Cost: Paid Add-on / Premium Tier)
The ROI Calculation If the Level 2 (Automation) features above could save your technicians from logging into the ThreatLocker portal 10-20 times a day:
How many hours per month would that save your team?
[x ] < 2 hours
[ ] 2 - 5 hours
[ ] 5+ hours (High ROI)
Willingness to Pay Based on the value defined above, which option fits your business model? This would go back to the quality of the implementation and our own ability to get our teams to buy in. If we get more high quality integrations like this. i could see additional spends being acceptable. MS Graph/office 365 is a big one. or being able to integrate in to the tools we use for monitoring that now and take action via their apis. in our case Cyber Drain's CIPP tool. the more we can centralize monitoring and alerting the higher value your product can be.
Option A: I only need the Level 1 (Read-only) dashboards. I am not interested in paying extra for actions or bots. a for now. but B looks promising and we would like to be in that tier. Option B: The Level 2 (Actions/Bots) capabilities are critical. I would be willing to pay a monthly add-on fee (e.g., equivalent to 1 hour of technician time) to enable these automations and bi-directional features.
This post was marked as
design
J
Joyce
marked this post as
product review
Darryl Cresswell
Feature Request: ThreatLocker Integration for MSPBots
Summary:
ThreatLocker is a critical component of an MSP’s cybersecurity stack. To enhance operational visibility and automation, MSPBots should integrate with ThreatLocker to provide real-time, accurate reporting and actionable insights.
Key Requirements:
1) Device Security Status Reporting
-> Display the status of all workstations per client (e.g., Secured, Learning Mode, etc.).
-> Enable bots to alert if any client machine is not in SECURED mode.
2) Offline & Inactive Device Monitoring
-> Report devices that are OFFLINE or INACTIVE.
-> Offline for an extended period may indicate:
-> -> The machine is no longer in production (license waste).
-> -> Agent installation issues.
-> Same concern applies to INACTIVE status.
3) Agent Version Tracking
-> ThreatLocker portal shows outdated agents needing updates.
-> MSPBots should provide a widget to display agent versions and highlight outdated agents.
Widgets Needed:
-> Client-Level Table View:
-> -> Devices per client with:
-> -> -> Checked-in status.
-> -> -> Security mode.
-> -> -> Agent version.
Global Widgets Across All Clients:
-> Total devices Offline and Inactive.
-> All machines not in Secured mode.
-> All devices with outdated ThreatLocker agents.
Why This Matters:
ThreatLocker is now a mainstream MSP security tool. Given its importance, this integration is long overdue. It would:
-> Improve security posture monitoring.
-> Automate alerts for compliance gaps.
-> Support billing accuracy by identifying unused licenses.
-> Address the original poster’s request for billing information visibility.
Gary Harlam
Would love to see billing information - total devices per client
Liam Furlong
Joyce this is great, thank you!