diff --git a/tools/config/powershell-windows-all.yml b/tools/config/powershell-windows-all.yml
index 8464ade07..e7bf8ae9c 100644
--- a/tools/config/powershell-windows-all.yml
+++ b/tools/config/powershell-windows-all.yml
@@ -60,3 +60,12 @@ logsources:
 service: ntlm
 conditions:
 LogName: 'Microsoft-Windows-NTLM/Operational'
+ windows-applocker:
+ product: windows
+ service: applocker
+ conditions:
+ LogName:
+ - 'Microsoft-Windows-AppLocker/MSI and Script'
+ - 'Microsoft-Windows-AppLocker/EXE and DLL'
+ - 'Microsoft-Windows-AppLocker/Packaged app-Deployment'
+ - 'Microsoft-Windows-AppLocker/Packaged app-Execution'
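Review bot: The added `windows-applocker` entry gives `LogName` as a four-item list, while the only neighbouring entry visible in this hunk (`ntlm`) uses a single string, so it is worth confirming that the PowerShell backend expands a list into a query over every channel rather than rendering it as one literal value. If it does not, AppLocker rules converted with this config would query the wrong log or nothing at all, and that detection gap would be silent. A converted-rule test against one AppLocker rule would settle it. A short comment above the list, e.g. `# AppLocker logs to four separate channels; all are listed so no rule type is missed`, would also explain why this source differs from the scalar entries.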