diff --git a/tools/config/powershell.yml b/tools/config/powershell.yml
index c22cdc99b..e116f0cd1 100644
--- a/tools/config/powershell.yml
+++ b/tools/config/powershell.yml
@@ -74,3 +74,12 @@ logsources:
 service: windefend
 conditions:
 LogName: 'Microsoft-Windows-Windows Defender/Operational'
+ windows-applocker:
+ product: windows
+ service: applocker
+ conditions:
+ LogName:
+ - 'Microsoft-Windows-AppLocker/MSI and Script'
+ - 'Microsoft-Windows-AppLocker/EXE and DLL'
+ - 'Microsoft-Windows-AppLocker/Packaged app-Deployment'
+ - 'Microsoft-Windows-AppLocker/Packaged app-Execution'
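Review bot: The new `windows-applocker` entry gives `LogName` as a four-item list, while the only sibling visible in this hunk (`windefend`) gives it as a single string. Please confirm that the PowerShell backend turns a multi-valued `LogName` into a valid query covering all four channels, rather than stringifying the list or using only one item. I would also add a comment above the entry such as `# AppLocker channels only receive events when an AppLocker policy is in audit or enforce mode`, so that an empty result from rules using this source is not read as absence of activity. The `logsources:` mapping begins outside this hunk, so list-valued entries may already exist elsewhere in the file.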