Skip to main content

Who is this article for?
Find your product plan in the Code42 console on the Account menu.

Incydr Professional, Enterprise, and Gov F2
Incydr Basic, Advanced, and Gov F1
Other product plans

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, yes.

Other product plans, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Audit Log

Who is this article for?
Find your product plan in the Code42 console on the Account menu.

Incydr Professional, Enterprise, and Gov F2
Incydr Basic, Advanced, and Gov F1
Other product plans

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, yes.

Other product plans, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Overview

The Code42 Audit Log provides a record of who did what and when in the Code42 environment. This article provides detailed descriptions of each item in the Audit Log in the Code42 console. Some uses of the Audit Log include:

  • Determine how the Code42 environment ended up in its current state.
  • Spot check the work of security analysts to prevent abuse of privileged access.
  • Identify areas of training for users that caused inadvertent changes.
Use the Audit Log APIs to export results
The Audit Log in the Code42 console allows you to quickly search events and export the results to a comma-separated-values (CSV) file. While this is helpful to quickly perform spot checks, instead use the Code42 API if you need to export events to your internal security team tools. See Audit Log in the Code42 Developer Portal.

Considerations

Audit Log in the Code42 console

To view the Audit Log:

  1. Sign in to the Code42 console.
  2. Select Administration > Status > Audit Log

Audit Log

Item Description
a Export Export icon Export the filtered events to a comma-separated values (CSV) file.
b Filter Filter icon Filter the events by the criteria you select. 
c Filtered by The filters that are currently applied to the Audit Log events. Click the X to remove that filter. Remove all filters to view all events.
d Username The Code42 username associated with the event.
e Event type

The event type logged.

f Date observed Date and time the event occurred. The time is reported in Coordinated Universal Time (UTC).
g IP address Public IP address involved in the event. 
h View detail Details icon Click to view event details. Includes event type, date observed, and device details.

Filter

To filter the events listed in the Audit Log, click Filter Filter icon and select the criteria to use. When you click Apply, events that match all filters appear in the list.

Audit Log filter drawer

Item Description
a Username Filters the list by events associated with a specific Code42 username. Use commas to separate multiple usernames.
b User type

The type of user to search for:

  • User
    Select to search for events triggered by a Code42 user.
  • Code42 support user
    Select to search for events triggered by a Code42 support user. Code42 support users are Customer Champions given support access to your Code42 environment to perform investigation and adjust settings as needed. By default, the Code42 support user's name is marvin@code42.com.

The Code42 support user can create additional users that appear in the Audit Log. To find those users, you can filter on the user type Code42 support user and then filter on the Add user event type.

c Date range

Filters the list by the selected date range. Select Custom to enter start and end dates to use to filter events. You can also select All dates to view all events that have been logged.

d Event type

Filters results by event types. All events filters by all available event types. 

 

Event types are organized into categories. Select All events in a category to filter by all available event types in that category. 

 

See the Event types section below for a description of each event type. 

  • Administration
    • All events
    • Code42 support user access disabled
    • Code42 support user access enabled
    • Risk setting changed
    • Risk setting created
  • Authorization
    • All events
    • Console login
  • Cases
    • All events
    • Case assignee changed
    • Case closed
    • Case created
    • Case deleted
    • Case file event added
    • Case file event removed
    • Case subject changed
  • Detection list activity
    • Cloud alias added
    • Cloud alias removed
    • Departing employee added
    • Departing employee alert settings changed
    • Departing employee departure date changed
    • Departing employee removed
    • High risk employee added
    • High risk employee alert settings changed
    • High risk employee removed
    • Risk factor added
    • Risk factor removed
    • Risk profile notes changed
  • File access
    • All events
    • File download
    • File download: IO error
    • Restore ended
    • Restore started
    • ZIP file downloaded
  • Forensic Searches
    • All events
    • Forensic Search query
  • Identity and access management 
    • Federation created
    • Federation deleted
    • Federation metadata updated
    • Federation updated
    • Identity provider assigned to org
    • Identity provider created
    • Identity provider deleted
    • Identity provider metadata updated
    • Identity provider removed from org
    • Identity provider updated
    • SCIM provisioner configuration updated
    • SCIM provisioner created
    • SCIM provisioner credentials changed
    • SCIM provisioner deleted
  • User updates
    • All events
    • Activate user
    • Add user
    • Deactivate user
    • Email change
    • External attributes change
    • External reference change
    • Local auth only change
    • Name change
    • User roles assigned
    • User roles revoked
    • Username change
e IP address Filters the events by a specific public IP address involved in the event. Use commas to separate multiple IP addresses.
f Cancel / Apply Click Apply to apply the selected filter criteria to the list and display only the events that match that criteria. To return to the list without applying any filters, click Cancel.

Export

Click Export icon Export to export the filtered events in the Audit Log to a comma-separated values (CSV) file. Any filters that are applied are shown above the Audit Log list. Click the X on a filter to remove that filter from the exported results.

In addition to exporting events to CSV in the Code42 console, you can also export events with the Code42 API. See Audit Log in the Code42 Developer Portal.

Event details

For any event listed in the Audit Log, click View details Details icon to see more information about the event.

Event details

Following are the fields that can appear in event details.

Event

User

Additional event details

Event types

Troubleshooting

  • Was this article helpful?