Who is this article for?
CrashPlan for Small Business, no.
Code42 for Enterprise, yes.
Link: Product plans and features.
This article applies to Code42 cloud environments.
Use the Data Sources page in the Code42 console to add and manage third-party services that are connected to Code42.
To add and manage data sources, go to Investigation > Data Sources.
Data sources are not available in the Code42 federal environment.
|a||Add Data Source||Adds and configures a new data source connection.|
Displays the cloud service or email service data source:
|c||Service Type||Displays the data source type, either Cloud or Email.|
The name you use to distinguish between data sources. For example, if your organization has two different GSuite accounts for US and UK employees, you could name each account's Google Drives to help identify them as such. This name must be unique.
|e||Authorized by||Displays the name of the Code42 administrator user that configured the data source connection.|
|f||Date Authorized||When the data source was initially added. This does not update if you deauthorize and then resume monitoring the data source.|
Indicates what's being monitored for the data source:
Displays the status of the connection between Code42 and the data source:
For details, see Data source statuses.
Includes the options to either deauthorize or resume monitoring on a data source:
Data source statuses
The Data Sources table's Status column displays the status of Code42's connection to the data source.
During initialization, Code42 discovers all of the drives in your environment within scope, then indexes all of the files in those drives. This gathers baseline data that is identified in Forensic Search as "new files." This initial indexing does not calculate hash values for files. Instead, hashes are calculated when subsequent activity for that file is detected.
We show the number of user drives for which Code42 has completed initialization out of the total number of user drives discovered in your environment. Note that this number does not include shared Google drives.
While drives that have completed initialization begin reporting ongoing activity immediately, the cloud service connection does not transition to the Monitoring status until all drives are initialized.
During initialization, Code42 is registering with the email service in order to begin monitoring email file attachment activity. Email service initialization does not index user inboxes. Instead, Code42 discovers all email accounts in your environment and registers them for monitoring.
While the email accounts that have completed registration with Code42 begin reporting ongoing email attachment activity immediately, the email service connection does not transition to the Monitoring status until all user email accounts are discovered and have completed registration.
Code42 has discovered all in-scope user drives and has completed the initial indexing of those drives. Code42 is monitoring for ongoing file activity while also checking for new files. Any new files discovered during monitoring are hashed. By default Code42 checks the cloud service every 5 minutes for new files and the latest file activity.
We display the number of user drives we are monitoring in your environment. Note that this number does not include shared drives. New drives are discovered at midnight.
Code42 is connected to the data source and is monitoring outbound email activity for file attachments. New email accounts are discovered at midnight and are registered for monitoring.
|Maintenance||Code42 is currently performing maintenance on the data source connection. The data source is still being monitored for file or email activity, but these events won't be displayed in Code42 until maintenance completes. After maintenance completes, Code42 displays all file events collected during the maintenance period.
The Actions menu is not available when a data source is in maintenance.
There was an error connecting to the data source. This typically occurs when a majority of user drives or email accounts are inaccessible to Code42 due to permissions or licensing issues within the data source. This can also occur immediately after a data source is authorized if that data source is already registered to Code42.
|Deauthorizing||Code42 is removing its authorization to monitor the data source. For data sources with a large number of drives or email accounts that are monitored by Code42, this process may take an hour or longer. When this process completes, the status moves to Deauthorized.
The Actions menu is not available when a data source has a status of Deauthorizing.
Code42's connection to the data source has been removed and no new event activity is being collected. The data source will remain deauthorized and listed in the table for 90 days following the date of deauthorization. All discovered drives, email accounts, and existing file events remain in Code42 for those 90 days and can be viewed in Forensic Search.
Once the 90-day period lapses, Code42 deletes its connection to the data source along with all information collected. To resume monitoring the data source after deletion, you need to re-authorize and re-initialize it.
|Deleting||Code42 is removing its connection to the data source and deleting any information about that data source, such as initialized drive information and collected file events. For data sources with a large number of drives or email accounts that are monitored by Code42, this process may take an hour or longer. When this process completes, the data source is removed from the Data Sources table.|
Add data source connection
To add a data source connection, click Add Data Source.
Selects a data source to add:
|b||Display Name||The name you use to distinguish between data sources, for example, for different Google Drive accounts for US employees and UK employees. This name must be unique.|