Skip to main content

Who is this article for?

Code42 for Enterprise
CrashPlan for Enterprise

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Code42 Support

Risk Exposure dashboard reference


The Risk Exposure dashboard provides a look into the different types of file activity occurring across your Code42 environment, including high risk and departing employees as well as employees that have the most file activity. Use this dashboard to quickly identify when unusual activity is happening so that you can investigate further. 

This article provides an overview of the Risk Exposure dashboard and links to learn more about each of the major areas. 


  • Add Trusted Domains in Data Preferences to hide file events that occur on domains you trust. Adding trusted domains helps focus your investigation on file activity that may be a higher risk. File activity on a specific domain is only considered trusted starting the date the domain was added. You can view all file activity, including events that occur on your trusted domains, in Forensic Search.

  • To work with the Risk Exposure dashboard, you must have roles that provide the necessary permissions. We recommend you use the roles in our use case for adding users to detection lists.

  • Feature visibility:
    • This functionality is available only when supported by your product plan. Contact your Customer Success Manager (CSM) for assistance with licensing, or to upgrade to the Incydr Advanced product plan for a free trial​​​. If you don't know who your CSM is, email

    • The risk detection list summaries require a product plan that includes Risk Detection lenses.

    • You must connect at least one cloud service to Code42 to see cloud-related file activity. 

  • Contact your Customer Success Manager (CSM) for assistance with licensing. If you don't know who your CSM is, email
Differences in file event counts
File events for Forensic Search and Alerts typically appear within 15 minutes of the file activity, while file events in the Risk Exposure dashboard and the User Profile may take up to an hour to appear. As a result, you may see that the file event counts in alert notifications and Forensic Search differ from the event counts in the Risk Exposure dashboard and the Departing Employees and High Risk Employees User Profiles.

The Risk Exposure dashboard

To view, sign in to the Code42 console.

Areas of the Risk Exposure dashboardClick one of the links below for more information about that corresponding area:

  1. Risk detection list summaries -  how many of the employees that are on a risk detection list have recently had possible exfiltration events
  2. Top users by file activity - list of users with the most file activity across your Code42 environment
  3. All activity view - all of the file events that occurred across your organization
  4. Endpoint activity over time - all of the file events that have occurred on an endpoint across your organization for up to the last 90 days
  5. Cloud sharing activity over time - shows when files are made publicly available across your organization for up to the last 90 days


Watch the video below to learn about the Risk Exposure dashboard. For more videos, visit the Code42 University.

  • Was this article helpful?