Skip to main content
Contact Support

Who is this article for?
Find your product plan in the Code42 console on the Account menu.

Incydr Professional and Enterprise
Incydr Basic and Advanced
CrashPlan Cloud
CrashPlan for Small Business
Other product plans

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, no.

Other product plans, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Data Preferences reference

  1. Last updated
  2. Save as PDF

Overview

Data Preferences settings enable you to define domains, Slack workspaces, and IP addresses you trust, which helps focus your investigations on file activity that may be a higher risk.

Considerations

To use this functionality, Incydr users must be assigned specific roles. For more information, see Roles for Incydr. To learn which permissions on Incydr roles allow use of this functionality, see Permissions for Incydr. If you use other Code42 products, see Role assignment use cases.

Trusted activity

Adding trusted domains and Slack workspaces prevents file activity in these locations from appearing in security event dashboards, user profiles, and alerts. However, trusted file activity is still searchable in Forensic Search.

How it works

  • File events are considered trusted when an entry in your list of trusted activity matches file event metadata for these fields: Active tab titles and URLs, Sync Username, Shared With (for cloud data sources), and Recipients (for email data sources). 
  • If there is more than one domain associated with an event, all domains must be included in your list of trusted domains for the event to be trusted. If any domain associated with event is not in your list of trusted domains, the event is not trusted.
  • Trusted file activity is excluded from:

Configure trusted activity

To access trusted activity settings:

  1. Sign in to the Code42 console.
  2. Navigate to Administration > Environment > Data Preferences.
  3. Select the Trusted activity tab.

Trusted activity list

Maintain confidentiality for users reporting misconduct
If your organization has established processes for users to report unethical behavior, harassment, discrimination, or other types of misconduct, consider adding the associated URLs to your list of trusted domains. For example, adding report-misconduct.example.com would prevent file activity on that domain from appearing in Code42 security event dashboards, user profiles, and alerts.
Item Description
a Add trusted activity

Click to add a trusted domain or Slack workspace.

 

Domains

  • Do not include https:// .
  • Including www is optional. The www prefix is ignored when evaluating trust.
  • Only the domain is evaluated for trust. The protocol (https://) and characters after the top-level domain (TLD) are ignored. For example, for file activity on https://subdomain.corp.example.com/pages, only subdomain.corp.example.com is evaluated for trust.
  • For email activity, a value of example.com trusts activity from all users with email addresses on the example.com domain. Trusting specific email addresses is not supported.
  • Optionally, use the asterisk (*) character as a wildcard for partial domain names. For example, enter *.example.com to trust all subdomains of example.com. See below for more guidance and warnings about wildcards.

Slack workspaces

  • Only enter the workspace name (for example, "Acme Co."). Do not enter the entire workspace URL.
  • Wildcards are not supported in workspace names. If you include the * character, it is evaluated as part of the workspace name.
b Trusted activity The location of activity to be trusted.
c Applies to

Indicates if the entry applies to a Domain or Slack workspace.
d Description An optional field to provide additional context or details.
e Last modified

Indicates the time this entry was last modified and the user who made the change. File activity is trusted starting the date it is added to this list. Previous file activity is considered untrusted.

 

Applies to the value being evaluated for trust. Updating only the description text does not change the Last modified date.
f Edit Click to edit the trusted activity value and/or the description.
g Actions Click to delete this entry.
Use wildcards carefully to minimize risk
Using a wildcard character may lead to unintentionally trusting unknown or malicious domains. For example, a trusted domain value of example* would trust not only example.com, but also any domain starting with example, such as example.fake.com, examplenotyourrealdomain.com, and example.info.

To trust both a parent domain and all subdomains, we do not recommend an overly inclusive wildcard value, such as *example.com. Instead, add these two values to minimize risk:

  • example.com
  • *.example.com

Since the first entry does not include a wildcard, it only trusts activity that matches the example.com domain exactly. In the second entry, including a period (.) after the wildcard ensures only subdomains of your legitimate domain are trusted.

Trusted domain examples

The table below provides examples of whether file activity is trusted based on the combination of the trusted domain entry and where the file activity occurred.

  • Yes = Activity on this domain is trusted for the supplied trusted domain entry
  • No = Activity on this domain is not trusted for the supplied trusted domain entry                                                            
  Trusted domain entry
   <<<   More secure                                                                                    Less secure  >>>
Activity on: example.com *.example.com example *example.com example* *example*
www.example.com Yes No No Yes Yes Yes
https://subdomain.example.com No Yes No Yes No Yes
www.not-example.com No No No Yes No Yes
www.example.fake.com No No No No Yes Yes
first.last@example.com Yes No No Yes Yes Yes

IP addresses

Listing your in-network IP addresses enables Code42 to label activity from any IP address not on this list as Remote activity. Many areas throughout the Code42 console use this list of IP addresses to identify remote file activity. Listing your in-network IP addresses enables you to customize search results and dashboards to include in-network activity, remote activity, or both.

To view and edit IP addresses:

  1. Sign in to the Code42 console.
  2. Navigate to Administration > Environment > Data Preferences.
  3. Select the IP addresses tab.

Configure IP Addresses

Item Description
a Add

Click to add a new IP address or range.
b IP addresses

The in-network IP address or range.

 

For example, add the public IP addresses used by your devices, such as the NAT IP ranges for your corporate offices.

 

Supported formats:

  • A single IPv4 or IPv6 address. For example: 192.0.2.0.
  • A range of addresses using CIDR block notation format. For example: 192.0.2.0/24.
VPN activity
If you consider file activity from devices connecting over a VPN to be “in-network,” add the IP addresses of your VPN network here. To consider VPN traffic as remote activity, do not include IP addresses for your VPN.
c Description The description entered for this IP address or range. Descriptions are limited to 50 characters.
d Created

Indicates when this entry was added to the list of in-network IP addresses.

 

Date and time are reported in Coordinated Universal Time (UTC).
e IP last modified

Indicates when the IP addresses value was last updated. Updating only the Description does not affect this timestamp. 

 

File activity from an IP address is identified as in-network beginning the date it is added to this list. File activity from an IP address that occurred before it was added to this list is considered remote activity.

 

Date and time are reported in Coordinated Universal Time (UTC).
f Edit Click to edit the IP addresses or Description for this entry.
g Delete Click to delete this entry from the list of in-network IP addresses.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
    Available in CrashPlan Cloud
    No
    Available in other product plans
    Yes
    Available in Incydr Basic and Advanced
    Yes
    Available in Incydr Pro and Enterprise
    Yes
    Available in CrashPlan for Small Business
    No
  2. Tags
    1. data source
    2. exposure
    3. forensic file search
    4. Forensic search
    5. trusted domains