Skip to main content

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Destination activity over time reference

Overview

The Destination activity over time graph on the Risk Exposure dashboard shows all of the file events that occurred across your organization by destination, organized by different subsets of file activity:

  • All activity: Summarizes file activity that occurred across your organization, whether on employee devices or in your cloud services.
  • Remote activity: Shows all remote file activity that occurred on an endpoint. Remote activity is determined to be any file activity that occurs outside of your trusted IP addresses.

To see the Destination activity over time graph, sign in to the Code42 console.

For more information about the Risk Exposure dashboard, see: 

For permissions, licensing, and visibility considerations for the Risk Exposure dashboard, see Risk Exposure dashboard reference

Considerations

To see cloud service activity, you must allow Code42 access to your cloud services.

Destinations are dynamic
The list of destinations shown on each tab of this graph is dynamic. Only destinations with file activity are shown.

For example, if there is no Box file activity in the selected timeframe, or if you have not given Code42 access to your Box instance for monitoring, the Box destination will not be listed.

Alternatively, if you are viewing Box activity on the All activity tab and click the Remote activity tab, a "No destination activity found" message is shown because the Remote activity tab only shows endpoint file activity. Cloud service activity such as Box is not shown on the Remote activity tab. 

Destination activity over time

View file activity across your organization by destination

Item Description
a All activity

Shows all endpoint and cloud service* activity across your organization. File events include files:

  • Moved to removable media or cloud sync folders
  • Viewed in a browser or other app
  • Shared publicly via direct link or with specific users outside your trusted domains 

*To see cloud service activity, give Code42 access to your cloud services.

b Remote activity

Shows all remote file activity that occurred on an endpoint. File events can include files moved to removable media or cloud sync folders, or viewed in a browser or other app. 

 

When configured, remote activity is detected for endpoint events from out-of-network IP addresses. 

c Selected destination Displays the currently selected destination.
d

Choose destination

 

 

Where the file was sent. Destinations include:

  • AirDrop: Files were sent to a device via AirDrop. The destination category for AirDrop events is listed as "Device" in the Exposure section of Forensic Search. 
  • Cloud destinations: The file was synced to a cloud service, shared publicly via direct link, or shared with specific users outside your trusted domains. 
    • Cloud sharing activity includes file activity from Box, Google Drive, and OneDrive and details how the file was shared (for example, public via direct link).
    • Cloud folder sync activity (when a file exists in a folder on the device that is used for syncing with a cloud service) includes activity from:

      • Apple iCloud
      • Box
      • Box Drive
      • Dropbox
      • Google Backup and Sync
      • Google Drive
      • Microsoft OneDrive
  • Email services: The file was uploaded to an email provider via a web browser.
  • Messaging services: The file was sent via a messaging service. 
  • Removable media: The file was moved to an external device such as a USB drive or hard drive. Click View event details to see file activity broken out by removable media device vendor and bus type
  • Social media: The file was uploaded to social media. This does not necessarily mean it's posted publicly; for example, the file could have been sent in a direct message on LinkedIn, etc.
  • Source code repository: The file was uploaded to a location typically used for storing code files.
  • Other: File activity where the destination does not match any of the above destinations, or in the following special cases:
    • Files were opened in an app that is commonly used for uploading files such as FTP client or curl
    • We cannot determine the destination. On Macs, this may indicate Code42 does not have the required permissions to collect the destination details.
    • Multiple possibilities appears if the user accessed more than one tab while uploads were in progress. Review the Active tab titles and URLs to identify all possible destinations.
Other destination
The Other destination does not show the Events bar graph and is shown at the bottom of the list of destinations regardless of sort order.
e Events Number of file events associated with the destination for the selected timeframe.
f Events bar graph Shows the relative number of file events. 
g Size Total size of files involved with the file activity.
h Activity preview Shows file activity for the selected time frame.
i Forensic Search Investigate in Forensic Search Opens Forensic Search and pre-populates it with the selected timeframe and exposure type. Learn more about using Forensic Search.
j View event details View event details Click to view the file events broken down by file category group.
  • Was this article helpful?