Skip to main content
Code42 Support

Configuring Security Center Activity Profiles

Available in:

  • CrashPlan PRO
    • Standard
    • Premium
    • Enterprise
Applies to:

Overview

Using the Code42 Security Center, administrators can monitor file activity for specific high-risk users and receive an email notification when suspicious activity occurs, which helps provide insight into potential exfiltration threats.

To get started, define file activity thresholds in an activity profile. Activity profiles use data from Code42's endpoint monitoring to generate an email notification when a user exceeds a defined threshold for:

  • Transferring files to removable media
  • Interacting with cloud services (including Box, Dropbox, Google Drive, iCloud, and OneDrive)

Before you begin

Permissions for Security Center access
The Customer Cloud Admin (cloud only) and SYSADMIN (on-premises only) roles include Security Center access automatically. To grant Security Center access to a user with a different role, assign the Security Center User role to the user.  
  • For Code42 cloud environments: If you recently added Security Tools to your product plan but you can’t access the Security Center, go to My Profile to ensure you have the required permissions. Contact our Customer Champions for Code42 for Enterprise support if you do not have the necessary role or permissions.
  • For on-premises Code42 environments: The default local administrator with the SYSADMIN role can only view user activity in the Security Center for backup data stored in on-premises storage servers, but cannot view user activity for data stored in the Code42 cloud. To view Code42 cloud data, sign in as a different user with the necessary permissions. 

Create an activity profile

An activity profile defines specific thresholds for the number or total size of files moved to removable media or cloud services.

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select Create New Profile.
  4. Enter a name.
    The name appears in the list of profiles on the Activity Notifications screen. You can change the name at any time.
  5. Enter the email address of the person to receive notifications. Email notifications are limited to a single address.
  6. Select the email frequency. The frequency determines how often the email recipient is notified. For example, selecting Within 2 hours of detection generates an email if a user exceeds a file activity threshold within a two hour period.
  7. Choose the file activities to be included in the profile.
    • Removable Media: Monitors file transfer activity to USB drives, external hard drives, memory cards, etc.
    • Cloud Service: Monitors file transfer activity for the Box, Dropbox, Google Drive, Apple iCloud, and Microsoft OneDrive apps installed on user devices.
  8. Define Total file size, Total file count, or both threshold values. Notification occurs if either value is exceeded. You can choose to exclude either file size or file count as a criteria, but you cannot exclude both. These values, combined with the email frequency defined above, define if and when a notification is sent.
    • Total file size: Defines the total size of files in megabytes (MB) a user must move to generate a notification.
    • Total file count: Defines the total number of files a user must move to generate a notification.
  9. Click Save.
    The new activity profile appears with the option to add users.

Create activity profile

Add users to an activity profile

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select a profile from the list.
  4. Select Add User.
  5. Starting typing a username. Select a username from the list of suggestions to add that user to the profile. Repeat this step to add multiple users.
    The user is added to the Included Users section.
  6. Click Add Users.

Add users to activity profile

Considerations for adding users

  • Only add users who you know or suspect to be a risk. For example, users with access to highly sensitive data, or departing employees. Activity profiles are not intended to monitor all users at all times.
  • To reduce potential unwanted email notifications, test each activity profile by only adding a few users at first to make sure the thresholds do not generate too many notifications.
  • A user can only belong to one activity profile.
  • If you add a user from an organization that does not have endpoint monitoring enabled, an error message appears. See Conflict Detected In Endpoint Monitoring Settings and Security Center Profile for more details.

Remove users from an activity profile

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select a profile from the list.
  4. Select one or more users.
  5. Select Remove User.
  6. Review the confirmation message and select Yes, Remove.

Remove user from activity profile

Edit an existing activity profile

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select a profile from the list.
  4. From the action menu action menu icon, select Edit This Profile.
  5. Change activity profile settings as necessary.
  6. Click Save.

Edit activity profile

Delete an activity profile

  1. Sign in to the administration console.
  2. Select Security Center > Activity Notifications.
  3. Select a profile from the list.
  4. Select Delete Profile.
  5. Review the confirmation message and select Yes, Delete.

Delete an activity profile

Considerations for deleting an activity profile

You cannot delete an activity profile if it contains users from organizations you do not manage. If you receive an error message when trying to delete a profile, see Error Deleting Activity Profile.