Skip to main content

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Top users by file activity reference

Overview

The Risk Exposure dashboard includes information about Top users by file activity, listing the users with the most file activity across your Code42 environment. To view the Top users by file activity, sign in to the Code42 console.

For more information about the Risk Exposure dashboard, see: 

For more information about how to use these dashboards, see Review unusual file activity with the Risk Exposure dashboard.

For permissions, licensing, and visibility considerations for the Risk Exposure dashboard, see Risk Exposure dashboard reference

Top users by file activity

This view shows the employees with the greatest number of file events across your organization. It shows the total number of file events and the total size of the files involved in the events for that employee.

Only includes endpoint events
The Top users by file activity view does not include events from cloud services where the permissions for a file were changed to make it public. It only includes events captured from the employee's endpoint, such as files moved to removable media, uploaded via a browser or other app, and moved into a cloud sync folder on the endpoint. 

Top users by file activity

Item Description
a Timeframe Displays file activity for the last 90 days, 30 days, 7 days, or 1 day.
b Code42 username | Department/title

Displays the employee's Code42 username, department*, and title*. 

 

Click the Code42 username to see the employee's User Profile

*If you use User Directory Sync or SCIM provisioning, this information is automatically populated by your provisioning provider. You must first add the department and title attributes if you use Okta provisioning or PingOne provisioning. If you don't use provisioning, this information does not appear and cannot be added manually.

c Forensic SearchInvestigate in Forensic Search Opens Forensic Search and pre-populates it with the selected timeframe and exposure type. Learn more about using Forensic Search.
d See file event details View file event details icon Click to see more details about the employee's file events, such as destinations and file category groups. 
e View top 20 Click to see a list of 20 employees with the most file activity on their endpoints. 
f View by remote activity Click to see employees generating the most remote activity. When configured, remote activity is detected for endpoint events from out-of-network IP addresses. 

Details

On Top users by file activity, click View file event details icon to see file event details.

User file event details

Item Description
a View profile View profile Click to open the employee's User Profile
b

Employee information

Displays the employee's Code42 username, department*, and title*. 

 

*If you use User Directory Sync or SCIM provisioning, this information is automatically populated by your provisioning provider. You must first add the department and title attributes if you use Okta provisioning or PingOne provisioning. If you don't use provisioning, this information does not appear and cannot be added manually.

c List badge Displays the lists to which the employee has been added, such as the Departing Employees or High Risk Employees lists.
d List details Displays known risk factors from the High Risk Employees lists.
e Investigate in Forensic Search Investigate in Forensic Search Opens Forensic Search and pre-populates it with the selected timeframe and exposure type. Learn more about using Forensic Search.
f Total endpoint events and size Displays the total count and size of the file events that occurred on the employee's endpoint. Events include files moved to removable media, read by browser or other app, or added to a cloud sync folder. Does not include cloud share permission changes.  
g Endpoint events Displays the sync destination and file category group of file events that occurred on an employee's endpoint. Events include files moved to removable media, read by browser or other app, or added to a cloud sync folder. Does not include cloud share permission changes. 
  • Was this article helpful?