Overview

Detect and respond to insider threats
Our step-by-step guide to capture, review, and respond to suspicious file activity.

 Set up and configure

Enable file exfiltration detection
Update settings to start monitoring file activity on user devices, on removable media, in cloud services, and in web browsers.

Customize security alert criteria
Define criteria and thresholds to generate automatic notifications about data exfiltration.

Add cloud and email services monitoring
Grant Code42 permission to monitor your cloud and email services for risky activity. 

Set up data preferences
To reduce noise and focus Code42 security event reporting on higher-risk file activity, define domains and IP addresses you trust.

 Detect - Investigate - Respond

Review unusual file activity
Learn how to identify and investigate risk exposure across your entire organization with these step-by-step use cases.

Use Forensic Search for in-depth investigations
Forensic Search is a powerful search interface for investigating file activity on endpoints, removable media, cloud services, and email attachments.

Secure data throughout employee tenure
Quickly identify suspicious file activity on endpoints and in cloud services for departing employees and other users who pose a higher risk of insider threat.

Preserve files with legal holds
Set up preservation policies and legal matters to collect and retain files for investigations or long-term storage.

 Top articles for setup and management

Recommended settings
Optimize performance on user devices for security monitoring, networking, backup, and more.

Users and organizations
Manage user provisioning, authentication (SSO), roles and permissions, watch lists, and your organizational hierarchy. 

Devices
Collection of administrative resources for deploying, managing, and troubleshooting user devices (also known as "clients," "endpoints, or "computers").

Insider threat setup 
Learn how Code42 monitors file activity to help you detect, investigate, and respond to insider threats.

 Subscription usage

Subscriptions
Manage your Code42 subscriptions.

Code42 cloud data retention and cold storage policies
Identify how long your data is retained in the Code42 cloud when users, devices, and organizations are deactivated, or if you do not renew your contract with Code42.

 Troubleshooting

Monitor your environment health
Review device status reports, subscription usage, progress of cloud data sources ingest, and more. Learn how to identify and fix any problems.

Network
View guides for testing network connections, managing device bandwidth to the Code42 cloud, configuring firewalls, and more.

Reduce security event and alert noise
Learn how to greatly reduce false positives by pre-defining domains and IP addresses you trust.

More troubleshooting topics
Browse all administrative troubleshooting articles.

 More articles about setting up and managing your Code42 environment

For more tutorials, best practices, and configuration options, see all articles in our Configuring and Monitoring and managing sections. 

Overview

How backup works
Explore all the details of how Code42 backs up your data.

How restore works
Learn how to restore files from Code42. Review factors that affect restore speed and what you can do to ensure files are restored quickly.

 Administration

Define your backup policies
Review considerations and instructions for defining what to back up and what not to back up. Also specify how often backup runs and how long to retain old file versions.

How to restore files from the Code42 console
As an administrator, you can restore files directly to a user's device, or download files from any web browser.

Configure device backup settings
Use the Code42 console to define backup settings for individual devices or an entire organization.

Device replacement and migration
Use Code42 to simplify device migration when users change devices. Code42 also integrates with Microsoft's User State Migration Tool (USMT) to back up and restore Windows user settings.

 Using the Code42 app

Select files to back up
Learn how to add and remove files, folders, and external drives to your backup file selection.

What to do after receiving a backup alert
Review common causes and solutions for issues that cause you to receive backup alert emails.

How to restore files from the Code42 app
View step-by-step instructions to restore files to your device.

Replace a device
When you get a new device, use the Code42 app's replace device wizard to transfer files and backup settings from your old device.

Troubleshooting
Trying to resolve a specific issue? Browse all Code42 app troubleshooting articles.

 More articles about backup and restore

For more tutorials, best practices, and configuration options, see all articles in our Backup and Restore sections.

 APIs and SDK

Introduction to the Code42 API
Learn how to use the Code42 API to create custom reports, perform automated actions, or integrate with existing systems within your organization.

Search file activity using the Forensic Search API
Perform complicated or customized searches to monitor and investigate suspicious file activity using the Code42 API.

Manage detection list users with the Code42 API
Automate the process of managing users in the Departing Employees list and High Risk Employees list using the Code42 API.

Manage security alerts with the Code42 API
Automate the process of viewing alert notifications, adding notes, or opening or dismissing alert notifications using the Code42 API.

Introduction to py42, the Code42 Python SDK
Use py42 to develop your own Python applications for working with Code42 data while avoiding the overhead of session or authentication management.

 Code42 command-line interface

Introduction to the Code42 command-line interface
Get started using the Code42 CLI to interact with your Code42 environment without using the Code42 console or making API calls directly. 

 SOAR, SIEM, and other tools

Install and manage the Code42 app for Cortex XSOAR
Integrate Code42 with Cortex XSOAR to view and search Code42 data and manage Code42 departing employees within XSOAR.

Install and manage Code42 for IBM Resilient
Set up Code42 for IBM Resilient to investigate departing employees and find known malicious files.

Integrate Code42 with Sumo Logic
Automatically import file exfiltration event data from Code42 into Sumo Logic using the Code42 command-line interface (CLI). 

Install and manage the Code42 Insider Threat app for Splunk
Set up the Code42 Insider Threat app for Splunk to visualize Code42 data in Splunk dashboards.

Install and manage the Code42 app for Splunk Phantom
Set up the Code42 app for Splunk Phantom to start running Code42 actions, for example on users and devices, or to search file activity.

 More articles about integrating with Code42

For more information about how to set up and manage integrations, see Code42 integrations resources.