Use the Endpoint Data Collection tab on the organization details screen to identify the exfiltration vectors you want to monitor for risky activity. Code42 automatically collects all metadata associated with the files involved in such activity. You can also collect the contents of those files, when available, to provide important context during investigations.
For more information on endpoint monitoring with Incydr Basic and Advanced, CrashPlan Cloud, and other plans, see Endpoint Monitoring settings reference.
Endpoint Data Collection settings
To view an organization's endpoint data collection settings:
- Select Administration > Environment > Organizations.
- From the Organizations table, click the organization you want to view.
- Click the Endpoint Data Collection tab.
a. Collect file metadata
Identifies the vectors Code42 monitors on endpoints for possible file exfiltration. You can enable or disable:
By default, Code42 automatically collects the metadata from files involved in exfiltration activity for the vectors you select.
b. Collect exfiltrated file contents
Identifies whether Code42 collects the contents of the file itself when that file is involved in possible exfiltration activity.
Use this setting to control whether file contents are collected for specific organizations. For example, your Marketing users may often exchange large media files as part of their advertising development, or your QA users may exchange large numbers of files as part of their testing. Since this expected activity probably doesn't help with investigations of file exfiltration, you could group such users into their own organization and disable exfiltrated file content collection on that organization.
Click to update the Collect file metadata or Collect exfiltrated file contents settings.
When the panel opens: