Who is this article for?
Code42 for Enterprise, yes.
CrashPlan for Small Business, yes.
Detect and respond to insider threats
Our step-by-step guide to capture, review, and respond to suspicious file activity.
Set up and configure
Enable file exfiltration detection
Update settings to start monitoring file activity on user devices, on removable media, in cloud services, and in web browsers.
Customize security alert criteria
Define criteria and thresholds to generate automatic notifications about data exfiltration.
Add cloud and email services monitoring
Grant Code42 permission to monitor your cloud and email services for risky activity.
Set up data preferences
To reduce noise and focus Code42 security event reporting on higher-risk file activity, define domains and IP addresses you trust.
Detect - Investigate - Respond
Review unusual file activity
Learn how to identify and investigate risk exposure across your entire organization with these step-by-step use cases.
Use Forensic Search for in-depth investigations
Forensic Search is a powerful search interface for investigating file activity on endpoints, removable media, cloud services, and email attachments.
Add employees to risk detection lists
Quickly identify suspicious file activity on endpoints and in cloud services for departing employees and other users who pose a higher risk of insider threat.
Preserve files with legal holds
Set up preservation policies and legal matters to collect and retain files for investigations or long-term storage.
Top articles for setup and management
Optimize performance on user devices for security monitoring, networking, backup, and more.
Users and organizations
Manage user provisioning, authentication (SSO), roles and permissions, watch lists, and your organizational hierarchy.
Collection of administrative resources for deploying, managing, and troubleshooting user devices (also known as "clients," "endpoints, or "computers").
Insider threat setup
Learn how Code42 monitors file activity to help you detect, investigate, and respond to insider threats.
Manage your Code42 subscriptions.
Code42 cloud data retention and cold storage policies
Identify how long your data is retained in the Code42 cloud when users, devices, and organizations are deactivated, or if you do not renew your contract with Code42.
Monitor your environment health
Review device status reports, subscription usage, progress of cloud data sources ingest, and more. Learn how to identify and fix any problems.
View guides for testing network connections, managing device bandwidth to the Code42 cloud, configuring firewalls, and more.
Reduce security event and alert noise
Learn how to greatly reduce false positives by pre-defining domains and IP addresses you trust.
More troubleshooting topics
Browse all administrative troubleshooting articles.
How backup works
Explore all the details of how Code42 backs up your data.
How restore works
Learn how to restore files from Code42. Review factors that affect restore speed and what you can do to ensure files are restored quickly.
Define your backup policies
Review considerations and instructions for defining what to back up and what not to back up. Also specify how often backup runs and how long to retain old file versions.
How to restore files from the Code42 console
As an administrator, you can restore files directly to a user's device, or download files from any web browser.
Configure device backup settings
Use the Code42 console to define backup settings for individual devices or an entire organization.
Device replacement and migration
Use Code42 to simplify device migration when users change devices. Code42 also integrates with Microsoft's User State Migration Tool (USMT) to back up and restore Windows user settings.
Using the Code42 app
Select files to back up
Learn how to add and remove files, folders, and external drives to your backup file selection.
What to do after receiving a backup alert
Review common causes and solutions for issues that cause you to receive backup alert emails.
How to restore files from the Code42 app
View step-by-step instructions to restore files to your device.
Replace a device
When you get a new device, use the Code42 app's replace device wizard to transfer files and backup settings from your old device.
Trying to resolve a specific issue? Browse all Code42 app troubleshooting articles.
APIs and SDK
Introduction to the Code42 API
Learn how to use the Code42 API to create custom reports, perform automated actions, or integrate with existing systems within your organization.
Search file activity using the Forensic Search API
Perform complicated or customized searches to monitor and investigate suspicious file activity using the Code42 API.
Manage detection list users with the Code42 API
Automate the process of managing users in the Departing Employees list and High Risk Employees list using the Code42 API.
Manage security alerts with the Code42 API
Automate the process of viewing alert notifications, adding notes, or opening or dismissing alert notifications using the Code42 API.
Introduction to py42, the Code42 Python SDK
Use py42 to develop your own Python applications for working with Code42 data while avoiding the overhead of session or authentication management.
Code42 command-line interface
Set up the Code42 command-line interface
Get started using the Code42 CLI to interact with your Code42 environment without using the Code42 console or making API calls directly.
Manage detection list users with the Code42 CLI
Use the Code42 CLI to add and remove users from the Departing Employees list or High Risk Employees list, as well as update the information for a high risk employee.
Manage users associated with alert rules using the Code42 CLI
Use the Code42 CLI to add and remove users associated with alert rules, as well as view alert rules in a list or in detail.
Manage legal hold custodians with the Code42 CLI
Use the Code42 CLI to add and release custodians from legal hold matters, as well as view legal hold matters in a list or in detail.
SOAR, SIEM, and other tools
Ingest file events into a SIEM using the Code42 CLI
Use the Code42 CLI to extract file exfiltration events in JSON or CEF format for use in a SIEM tool.
Integrate alerts into a SIEM using the Code42 CLI
Use the Code42 CLI to poll for alerts and ingest them in your SIEM or SOAR tool.
Install and manage the Code42 app for Cortex XSOAR
Integrate Code42 with Cortex XSOAR to view and search Code42 data and manage Code42 departing employees within XSOAR.
Install and manage Code42 for IBM Resilient
Set up Code42 for IBM Resilient to investigate departing employees and find known malicious files.
Install and manage the Code42 app for Splunk
Set up the Code42 app for Splunk to visualize Code42 data in Splunk dashboards.
Install and manage the Code42 app for Splunk Phantom
Set up the Code42 app for Splunk Phantom to start running Code42 actions, for example on users and devices, or to search file activity.
More articles about integrating with Code42
For more information about how to set up and manage integrations, see Code42 integrations resources.