Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Code42 Support

User Profile reference

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Overview

When you select Investigation > User Activity and enter a user's name, the User Profile page displays. From the User Profile, you can review the file activity of employees, helping you to:

  • Quickly identify suspicious file movement
  • Review endpoint and cloud services activity
  • See file activity for the previous 90 days

This article describes the information and options in the User Profile.

Considerations

Differences in file event counts
File events for Forensic Search and Alerts appear within 15 minutes of the file activity, while file events in the Risk Exposure dashboard and the User Profile may take up to an hour to appear. As a result, you may see that the file event counts in alert notifications and Forensic Search differ from the event counts in the Risk Exposure dashboard and the Departing Employees and High Risk Employees User Profiles.
User Activity functionality varies based on your product plan
User Profile is only available if you have the Code42 Platinum product plan. If you have a different product plan, see User Activity and Activity Notifications reference.

User Profile

To access a user profile:

  1. Sign in to the administration console.
  2. Select Investigation > User Activity.
  3. Enter the Code42 username for the employee whose activity you want to view. 
  4. Click Search
    The User Profile displays.
User Profile versus Departing Employees or High Risk Employees
If you search for a user that has been added to the Departing Employees or High Risk Employees application, their Departing Employees or High Risk Employees User Profile appears. The Departing Employees application and High Risk Employees application profiles have a blue indicator by the employee name at the top of the page and include additional information such as the employee's departure date, risk factors, and user profile notes.  

Employee information

Employee information on the User Profile

Displays a summary of the employee's information, including:

  • Name
  • Department* 
  • Title*
  • Location*
  • Manager*
  • Employee's Code42 username
  • Employee's cloud aliases (not shown in image)
  • Departure Date (Departing Employees application only)
  • Risk Factors (High Risk Employees application only)
  • User Profile Notes (Departing Employees application and High Risk Employees application only)

*Displays this information If your Code42 environment uses provisioning. (If you use Code42 User Directory Sync or SCIM provisioning, this information is automatically populated by your provisioning provider. If you use Okta provisioning, you must first add the attributes in Okta.) If you don't use provisioning, this information does not appear and cannot be added manually.

 

File Activity Last 30 Days

File Activity tile of the User Profile with the Synced to Cloud Service Filter selected

Item Description
a Synced to Cloud Service

Click to see the number of file events that indicate files were added to folders on the employee's device that are typically used to sync to a cloud service. The selected filter is highlighted in blue.

 

Hover over a summary bar of data to see a preview of these files broken down by file category and file category group.

b On Removable Media

Click to see the number of file events that indicate files were moved to removable media, such as a USB drive. File category groups appear on the left. The selected filter is highlighted in blue.

 

Hover over a summary bar of data to see a preview of these files broken down by file category.

c Read by Browser or Other App 

Click to see the number of file events that indicate files were uploaded to a browser or an app such as Slack, FTP client, or curl. File category groups appear on the left. The selected filter is highlighted in blue.

 

Hover over a summary bar of data to see a preview of these files broken down by file category.

d By File Category Group

Shows the summary of file activity in the past 30 days for the following file categories:

  • Business Documents
    • PDF
    • Spreadsheets
    • Documents
    • Presentations
  • Zip Files
    Common archive file formats including compressed files.
  • Source Code
    Common source code formats.
  • Multimedia 
    • Image
    • Video
    • Audio
  • Other
    • Script
    • Virtual Disk Image
    • Executable
    • Uncategorized (files that did not fit any category)

For more information about file categories, see Forensic Search file categories.

e Sync Destination

Shows the cloud services provider that the file was synced to. Hover over a summary bar of data to see a preview of these files broken down by file category group.

f Forensic Search icon Forensic Search icon

Click to see the search results for these files in Forensic Search.

Endpoint File Activity

The Endpoint File Activity section of the User Profile displays file activity on the user's device, which helps identify suspicious file activity and potential file exfiltration.

Endpoint File Activity on the User Profile

Item Description
a Last

Select last 90 Days30 Days7 Days, or 1 Day to update the timeframe on the graph. Click Refresh graph indicator to refresh the graph and show the latest data.

b Activity type Indicates the type of activity displayed in the graph.
c Summary preview

Click a point on the graph to see a summary of that data point organized by file category. 

d Forensic Search icon Forensic Search icon

Click to see the search results for these files in Forensic Search.

e Graph

Provides a visual representation of file activity for the selected timeframe.

  • Hover on a point in the graph to see a preview of the activity.
  • Click a point on the graph to see the summary preview of that data point. 
f Show activity for

Select one of the following options to view the graph of that activity:

  • On Removable media: Shows a graph of file activity on removable media, such as a USB drive.
  • Synced to Cloud Service: Shows a graph of activity where files were added to folders on a user's device that are typically used to sync to a cloud service. 
  • Read by Browser or Other App: Shows a graph of activity where files were opened by a browser or an app commonly used for uploading files, such as Slack, FTP client, or curl.
  • Deleted Files: Shows a graph of activity where files are added to the following locations: $Recycle.Bin, .local/share/Trash, and .Trash. 
  • Zip Files: Shows a graph of activity for common archive file formats, including compressed files (.zip, .tar).
g Forensic Search icon Forensic Search icon

Click to see the search results for these files in Forensic Search.

Cloud File Activity

The Cloud File Activity section of the User Profile displays file activity for files in cloud services. It shows when a file is made publicly accessible or shared via a direct link. 

Cloud File Activity tile on the User Profile

Item Description
a Last 

Select last 90 Days30 Days7 Days, or 1 Day to update the timeframe on the graph. Click Refresh graph indicator to refresh the graph and show the latest data.

b Activity type Indicates the type of activity displayed in the graph.
c Summary preview

Click a point on the graph to see a summary of that data point organized by file category. 

d Forensic Search icon Forensic Search icon

Click to see the search results for these files in Forensic Search.

e Graph

Provides a visual representation of file activity for the selected timeframe.

  • Hover on a point in the graph to see a preview of the activity.
  • Click a point on the graph to see the summary preview of that data point. 

f Show activity for

Select one of the following options to view the graph of that activity:

  • Public on the web (Google Drive): Shows files in Google Drive that were made public.
  • Public via direct link (Google Drive): Shows files that were shared from Google Drive with a direct link.
  • Public via direct link (OneDrive): Shows files that were shared from OneDrive with a direct link.
  • Public via direct link (Box): Shows files that were shared from Box with a direct link.
  • Zip Files: Shows a graph of activity for common archive file formats, including compressed files (.zip, .tar).

 

g Forensic Search icon Forensic Search icon

Click to see the search results for these files in Forensic Search.

  • Was this article helpful?