Skip to main content

Who is this article for?
Find your product plan in the Code42 console on the Account menu.

Incydr Professional, Enterprise, and Gov F2
Incydr Basic, Advanced, and Gov F1
Other product plans

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, no.

Other product plans, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Top users by critical activity reference

Overview

Top users by critical activity on the Risk Exposure dashboard shows a prioritized view of the users associated with the most critical and high severity file events. Top users by critical activity only shows events that occurred outside your trusted domains or in unapproved cloud destinations

The severity of file activity is defined by the risk scores you have set for various risk indicators in your Code42 environment. For more information about risk scores, see Risk settings reference

To see Top users by critical activity, sign in to the Code42 console and in the upper-left corner click Incydr. Click Incydr to return to the Risk Exposure at any time.

For more information about the Risk Exposure dashboard, see: 

Video

Watch the video below for an overview of how to use Top users by critical activity on the Risk Exposure dashboard. For more videos, visit the Code42 University.

Considerations

Top users by critical activity

Top users by critical activity

Item Description
a Selected time frame

Shows the time frame the file activity occurred in.

 

Changing the time frame updates all the data you see on the Risk Exposure dashboard and User Profiles.

b

Risk settings

Click to open the Risk settings where you can set the score of each risk indicator. Scores are used to calculate the severity of each file event. For more information about Risk settings see Risk settings reference.

 

To edit risk settings, you must have the Insider Risk Admin or Insider Risk Analyst role. Users with the Insider Risk Read Only role can view risk settings, but not make changes.

c User

Displays a summary of the employee's information, including:

*Displays this information if your Code42 environment uses provisioning. For more information, see Provision user attributes to Code42.

 

Click the user's name to open their User profile.

d

Critical events

Displays file events with an overall risk score of 9+. 

 

Risk scores are defined for individual risk indicators in Risk settings. For each file event, the score of each applicable risk indicator is added up to an overall risk score. The overall risk score determines the severity of each file event.

 

For more information about how risk scores are calculated and how risk scores applies to event severity, see Risk settings reference.

e High events

Displays file events with an overall risk score of 6-9. 

 

Risk scores are defined for individual risk indicators in Risk settings. For each file event, the score of each applicable risk indicator is added up to an overall risk score. The overall risk score determines the severity of each file event.

 

For more information about how risk scores are calculated and how risk scores applies to event severity, see Risk settings reference.

f Risk indicators

Shows the added risks that apply to a user's file events. For more information about risk indicators and their related risk scores, see Risk settings reference.

 

Risk indicators are listed in the following order:
1. Destination risk indicators, alphabetically
2. File risk indicators, alphabetically
3. User risk indicators, alphabetically

g View details View event details Click to see more details about the selected file activity. 
h Risk detection list badge Indicates if the employee is on a risk detection list such as the High Risk Employees list or Departing Employees list.
i View all users Click to see a list of all users in your Code42 environment.

View details

From Top users by critical activity, click View details to see more information about the user's file activity. 

View details about a user's file activity

Item Description
a Selected time frame

Shows the time frame the file activity occurred in.

 

Change the time frame in the upper-right corner of the Risk Exposure dashboard. Changing the time frame updates all the data you see on the Risk Exposure dashboard and User Profiles.

b User

Displays a summary of the employee's information, including:

  • Name
  • Department* 
  • Title*
  • Risk detection lists the employee has been added to
  • Notes that have been added to the employee's profile

*Displays this information if your Code42 environment uses provisioning. For more information, see Provision user attributes to Code42.

c

View profile View user profile

Opens the User Profile for the employee.
d Notes Click Add notes to add more details to the user's profile. If notes already exist, click Edit Edit user profile notes to modify existing notes.
e Risk indicator events

Displays counts of each file event severity with associated risk indicators.

 

For more information about risk indicators, see Risk settings reference.

f Investigate in Forensic Search Investigate in Forensic Search Opens the events with risk indicators in Forensic Search. Learn more about using Forensic Search.
g Filter Click to show filters and then select risk indicator filters to filter the shown list of events. To remove a selected filter, click it again. 
h By risk score Click to show file events by risk score in descending order.
i By date observed Click to show file events by the date the event occurred with latest events on top.
j Filename/Details

Shows filename, risk indicators, risk score, and other details pertaining to the file event.

 

If the filename is shown as a blue hyperlink, you can download the file from this location. If the filename is not a blue hyperlink, you may be able to download the file in Forensic Search.

To view all file events, click Investigate in Forensic Search Investigate in Forensic Search.

  • Was this article helpful?