Skip to main content
Code42 Support

Security Web App Reference

Applies to:
  • Code42 CrashPlan (previously CrashPlan PROe)

Overview

The Code42 Security web app allows you to search a specific user for security events detected by endpoint monitoring. The report can help you identify and visualize potential data leaks and security problems. You can also export the results to a CSV file for analysis or archiving.

For details on the security events that can be detected, and instructions on how to configure endpoint monitoring, see Endpoint Monitoring.

Accessing the Security web app

In order to use the Security web app:

  • Endpoint monitoring must be enabled in your Code42 environment.
    Enabling endpoint monitoring requires a Security Tools license.
  • You must have the Org Security Viewer or All Org Security Viewer roles, or equivalent permissions in a custom role.

To access the Security web app, select Security from the application selector in the administration console toolbar.

Search

Build your search query from the Security web app by entering the target user's username or user ID in the search field. As you enter a username, possible choices appear.

Security web app user search

Item Description
a Username or ID Specifies the search target by username or user ID.
b Start date Specifies the start date of the search query.
c End date Specifies the end date of the search query.
d Search Submits the search request to the master server.

Results

Results for your search query display numerically and as bar charts for the following event types:

  • Pattern Matching
  • Cloud Service
  • Removable Media
  • File Upload
  • File Restore

Security web app search results

Item Description
a User User associated with the results.
b Export Downloads a CSV file with the results of the query displayed in the charts.
c For Pattern Matching
(Version 5.2 and later only)
Number of defined patterns to match and the number of matches to those patterns.
d Uploaded to Cloud
(Version 5.2 and later only)
Number and size of files uploaded to other cloud services.
e Added to Removable Media
(Version 5.2 and later only)
Number and size of files added to removable media.
f Restored
(Version 5.2 and later only)
Number and size of files restored from CrashPlan.
g Uploaded to Browser
(Version 5.2 and later only)
Number and size of files uploaded via web browsers.
Windows devices only
h Pattern Matching
(Version 5.2 and later only)
Visualization of pattern matching events.
i Action menu
(Version 5.2 and later only)
Contains the option to export a CSV file with the results contained in the chart.
j

Cloud Service
(Version 5.2 and later)
Cloud
(Version 5.1.x)

Visualization of personal cloud storage security events. The color of the graph denotes the type of event:

  • Blue: Files added to a cloud service account
  • Green: Files edited on a cloud service account
k Removable media

Visualization of removable media security events. The color of the graph denotes the type of event:

  • Blue: Files added to removable media
  • Green: Files edited on a removable media

l File Upload
(Version 5.2 and later)
Visualization of files opened in web browsers for upload by users, such as when a user attaches a file to a web-based email.
Windows devices only
m Restore Visualization of restore events.
Security Tools requires a trusted certificate for SSL connections
If your Code42 environment uses a self-signed certificate, Security Tools activity results do not appear when browsing over an SSL connection. To view results, you must either:

Export

When you export results, you can select the event types and date range included in the CSV file.

Security web app export

Item Description
a Device Appeared Includes detection of storage devices that are connected to the user's device.
b Device Disappeared Includes detection of storage devices that are disconnected from user device.
c Device File Activity Includes detection of file creation, modification, or deletion on connected devices.
d Device Scan Includes scanning of files on connected devices for the following types of events:
  • Files moved to removable media devices
  • Files created on removable media devices
  • Files modified on removable media devices
e Cloud Service Activity
(Version 5.2 and later)
Cloud File Activity
(Version 5.1.x)
Includes detection of file activity in a personal cloud.
f Cloud Service Scan
(Version 5.2 and later)
Cloud Scan
(Version 5.1.x)
Includes scanning of personal cloud drives.
g Restore Job Includes detection of restore activity.
h Restore File Includes detection of restored files.
i

File Upload
(Version 5.2 and later)
File Opened
(Version 5.1.x)

Includes detection of files opened for web upload.
Windows devices only
j Pattern Match
(Version 5.2 and later)
YARA Rule Match
(Version 5.1.x)
Includes detection of files that trigger a pattern match using defined YARA rules.
k Start Date Specifies the start date of the search query.
l End Date Specifies the end date of the search query.
m Cancel Cancels the export.
n Export Downloads the CSV file of the exported data.
  • Was this article helpful?