Skip to main content
Contact Support

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Data Preferences reference

  1. Last updated
  2. Save as PDF

Overview

Data Preferences settings enable you to exclude file activity from IP addresses and domains you trust from dashboard visualizations, alerts, and search results in Forensic Search.

Video

Watch the short video below to learn how to add trusted domains. For more videos, visit the Code42 University.

Considerations

This functionality is available only when supported by your product plan. Contact your Customer Success Manager (CSM) for assistance with licensing, or to upgrade to the Incydr Advanced product plan for a free trial​​​. If you don't know who your CSM is, email csmsupport@code42.com

Trusted domains

How it works

  • Activity is considered trusted when an entry in your list of trusted domains (see below) appears in file event metadata for these fields: Tab URL, Tab Title, Sync Username, Shared With (for cloud data sources), and Recipients (for email data sources).
  • File activity on trusted domains does not appear in Code42 security event dashboards, user profiles, and alerts. However, activity on trusted domains is still searchable in Forensic Search.
  • If there is more than one domain associated with an email or cloud sync event, all domains must be included in your list of trusted domains for the event to be trusted. If any domain associated with event is not in your list of trusted domains, the event is not trusted.

Configure trusted domains

To view and edit trusted domains:

  1. Sign in to the Code42 console.
  2. Navigate to Administration > Environment > Data Preferences.
  3. Select the Trusted domains tab.

Configure trusted domains

Item Description
a Domain list

List of domains you trust. File events from domains in this list are excluded from:
b Edit

Click Edit to add or remove domains.

  • To add multiple domains, enter a comma-separated list.
  • File activity on a specific domain is only considered trusted starting the date the domain was added to this list. File activity that occurred before the domain was added is considered untrusted.
  • Use the asterisk (*) character as a wildcard for partial domain names. For example, enter *.corp.example.com to trust any domain ending with ".corp.example.com."
Trailing wildcard introduces risk
Using a wildcard character at the end of a trusted domain may lead to unintentionally trusting unknown or malicious domains. For example, a trusted domain value of corp* would trust not only your corporate domain, but any domain starting with corp, such as corp.fake.com

IP addresses

Listing your in-network IP addresses enables Code42 to label activity from any IP address not on this list as Remote activity. Many areas throughout the Code42 console use this list of IP addresses to identify remote file activity. Listing your in-network IP addresses enables you to customize search results and dashboards to include in-network activity, remote activity, or both.

To view and edit IP addresses:

  1. Sign in to the Code42 console.
  2. Navigate to Administration > Environment > Data Preferences.
  3. Select the IP addresses tab.

Configure IP Addresses

Item Description
a Add

Click to add a new IP address or range.
b IP addresses

The in-network IP address or range.

 

For example, add the public IP addresses used by your devices, such as the NAT IP ranges for your corporate offices.

 

Supported formats:

  • A single IPv4 or IPv6 address. For example: 192.0.2.0.
  • A range of addresses using CIDR block notation format. For example: 192.0.2.0/24.
VPN activity
If you consider file activity from devices connecting over a VPN to be “in-network,” add the IP addresses of your VPN network here. To consider VPN traffic as remote activity, do not include IP addresses for your VPN.
c Description The description entered for this IP address or range. Descriptions are limited to 50 characters.
d Created

Indicates when this entry was added to the list of in-network IP addresses.

 

Date and time are reported in Coordinated Universal Time (UTC).
e IP last modified

Indicates when the IP addresses value was last updated. Updating only the Description does not affect this timestamp. 

 

File activity from an IP address is identified as in-network beginning the date it is added to this list. File activity from an IP address that occurred before it was added to this list is considered remote activity.

 

Date and time are reported in Coordinated Universal Time (UTC).
f Edit Click to edit the IP addresses or Description for this entry.
g Delete Click to delete this entry from the list of in-network IP addresses.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. There are no recommended articles.
  1. Article type
    Topic
    Available in CrashPlan for Enterprise
    No
    Available in Code42 for Enterprise
    Yes
    Available in Incydr
    Yes
    Available in CrashPlan for Small Business
    No
  2. Tags
    1. data source
    2. exposure
    3. forensic file search
    4. Forensic search
    5. trusted domains