Skip to main content

This article applies to version 6.

Other available versions:

Cloudicon.qnmark.png

Available in:

StandardPremiumEnterprise
Small Business
Code42 Support

Configure activity profiles in Security Center

This article applies to version 6.

Other available versions:

Cloudicon.qnmark.png

Available in:

StandardPremiumEnterprise
Small Business

Overview

Using the Code42 Security Center's file exfiltration detection capabilities, administrators can monitor file activity for specific high-risk users and receive an email notification when suspicious activity occurs, which helps provide insight into potential exfiltration threats.

To get started, define file activity thresholds in an activity profile. Activity profiles use data from Code42's endpoint monitoring to generate an email notification when a user exceeds a defined threshold for:

  • Transferring files to removable media
  • Interacting with cloud services, including Box, Dropbox, Google Backup and Sync (version 6.7.2 and later), iCloud, and OneDrive

Before you begin

Permissions for Security Center access
The SYSADMIN role includes Security Center access automatically. To grant Security Center access to a user with a different role, assign the Security Center User role to the user.  The default local administrator with the SYSADMIN role can only view user activity in the Security Center for data stored in on-premises storage servers, but cannot view user activity for data stored in the Code42 cloud. To view Code42 cloud data, sign in as a different user with the necessary permissions. 

Create an activity profile

An activity profile defines specific thresholds for the number or total size of files moved to removable media or cloud services.

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select Create New Profile.
    Text on this screen is updated with version 6.5. 
  4. Enter a name.
    The name appears in the list of profiles on the Activity Notifications screen. You can change the name at any time.
  5. Enter the email address of the person to receive notifications. Email notifications are limited to a single address.
  6. Select the scan frequency. The frequency determines how often records are scanned and the email recipient notified. For example, selecting Every 2 hours generates an email if a user exceeds a file activity threshold within a two-hour period.
  7. Choose the file activities to be included in the profile.
    • Removable Media: Monitors file transfer activity to USB drives, external hard drives, memory cards, etc.
    • Cloud Services: Monitors file transfer activity for the Box, Dropbox, Google Backup and Sync (version 6.7.2 and later), Apple iCloud, and Microsoft OneDrive apps installed on user devices.
      If a new cloud service is installed on a device, you must restart the Code42 service on each user device (or restart the entire device) to enable monitoring of that service.
  8. Define Total file size, Total file count, or both threshold values. Notification occurs if either value is exceeded. You can choose to ignore either file size or file count as a criteria, but you cannot ignore both. These values, combined with the scan frequency defined above, define if and when a notification is sent.
    • Total file size: Defines the total size of files in megabytes (MB) a user must move to generate a notification.
    • Total file count: Defines the total number of files a user must move to generate a notification.
  9. Click Save.
    The new activity profile appears with the option to add users.

Create activity profile

Add users to an activity profile

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select a profile from the list.
  4. Select Add User.
  5. Starting typing a username. Select a username from the list of suggestions to add that user to the profile. Repeat this step to add multiple users.
    The user is added to the Included Users section.
  6. Click Add Users.

Add users to activity profile

Considerations for adding users

  • Only add users who you know or suspect to be a risk. For example, users with access to highly sensitive data, or departing employees. Activity profiles are not intended to monitor all users at all times.
  • To reduce potential unwanted email notifications, test each activity profile by only adding a few users at first to make sure the thresholds do not generate too many notifications.
  • A user can only belong to one activity profile.
  • If you add a user from an organization that does not have endpoint monitoring enabled, an error message appears. See Conflict Detected In Endpoint Monitoring Settings and Security Center Profile for more details.

Remove users from an activity profile

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select a profile from the list.
  4. Select one or more users.
  5. Select Remove User.
  6. Review the confirmation message and select Yes, Remove.

Remove user from activity profile

Edit an existing activity profile

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select a profile from the list.
  4. From the action menu action menu icon, select Edit This Profile.
  5. Change activity profile settings as necessary.
  6. Click Save.

Edit activity profile

Delete an activity profile

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select a profile from the list.
  4. Select Delete Profile.
  5. Review the confirmation message and select Yes, Delete.

Delete an activity profile

Considerations for deleting an activity profile

You cannot delete an activity profile if it contains users from organizations you do not manage. If you receive an error message when trying to delete a profile, see Error Deleting Activity Profile.

Learn more: Code42 Education Pass training videos

We also have a training module about the Code42 Security Center. The module is 4 videos that are 5–8 minutes long. These videos cover how to enable endpoint monitoring, review security events, and monitor user activity to help you protect against internal and external threats to your organization’s intellectual property.

If you already have a Code42 Education Pass, watch Code42 Security Center. Otherwise, email education@code42.com to learn more about how to get access to training videos

  • Was this article helpful?