The Endpoint activity over time graph on the Risk Exposure dashboard shows all file activity that has occurred on an endpoint across your organization for up to the last 90 days.
Endpoint activity over time shows when files are moved to a cloud sync folder on an endpoint, but does NOT include files in your cloud services that were made public (permissions were increased). To see when files in your cloud services are made public, see the Cloud sharing over time graph or the Cloud sharing tab of the All activity view.
To view the Endpoint activity over time graph, sign in to the Code42 console.
For more information about the Risk Exposure dashboard, see:
- Risk Exposure dashboard
For more information about how to use these dashboards, see Review unusual file activity with the Risk Exposure dashboard.
For permissions, licensing, and visibility considerations for the Risk Exposure dashboard, see Risk Exposure dashboard reference.
Endpoint activity over time
To view more file event details from the Endpoint activity over time graph:
- Hover over a point on the graph for a snapshot of event counts and file size for that spike.
- Click a point on a graph to see file event details for that spike.
- For any of the Show activity for options, click View event details for more information about the file events that occurred during the selected time frame and exposure type.
- For any of the Show activity for options, click Investigate in Forensic Search to see all of the file events and file event details that occurred during the selected time frame and exposure type in Forensic Search.
|a||Timeframe||Displays file activity for the last 90 days, 30 days, 7 days, or 1 day.|
|b||File activity graph||
Displays file activity for the selected file event type.
|c||File event preview||Displays a file event preview for a specific day when you hover over the graph. Click a point to see more file event details from that day and to optionally open those files in Forensic Search. Learn more about using Forensic Search.|
|d||On removable media||Displays when files have been moved to an external device such as a USB drive or hard drive. Click a point on the graph to see the vendor name of the removable media device.
Removable media vendor preview
If vendor details do not appear in this view, you can still view them in Forensic Search. The removable media vendor is not available in this view for file events that occurred prior to August 12, 2020.
For example, you may see vendor details when looking at the last 7 days of file events, but if you switch to 90 days and that view includes file events that occurred before August 12, 2020, those details will not be available in this view. Instead, click Investigate in Forensic Search to see those details.
|e||Synced to cloud service||Displays when a file exists in a folder on the device that is used for syncing with one of these cloud services:
|f||Read by browser or other app||Displays details about files opened in an app that is commonly used for uploading files, such as a web browser, Slack, FTP client, or curl.|
|g||Zip files||Displays file events for common archive formats, including compressed files.|
|h||Activity preview||Displays a preview of the graph of file activity.|
Shows the number of file events for the entire timeframe selected. File events can include events where a file was moved to removable media or cloud sync folders, or uploaded to a browser.
Note: Endpoint events do not include cloud share permission changes. See cloud share permission changes on the Cloud sharing over time graph.
|j||Size||Displays total file size for all exposure events in the selected timeframe.|
|k||Investigate in Forensic Search||Opens Forensic Search and pre-populates it with the selected timeframe and exposure type. Learn more about using Forensic Search.|
|l||View event details||Click to see more details about the file activity and to search by a particular user's activity in Forensic Search.|
From the Endpoint activity over time graph, click View event details to see the file activity broken out by user. You can then see more file details for each user.
|a||Code42 username | Department/title||
Displays the Code42 usernames of employees involved with the file events. If you use provisioning, their department and title are shown. (For User Directory Sync or SCIM provisioning, this information is automatically populated by your provisioning provider. For Okta provisioning, you must first add the department and title attributes in Okta.)
Shows the number of file events for each user in the timeframe selected.
File events can include events where a file was moved to removable media or cloud sync folders, or was uploaded to a browser.
Note: Cloud share permission changes are not included. See cloud share permission changes on the Cloud sharing over time graph.
|c||Size||Displays total file size for all exposure events in the selected timeframe.|
|d||Investigate in Forensic Search||Click to see the search results for this user in Forensic Search.|
|e||View event details||Click to view the employee's file events broken down by destination and file category group.|