Skip to main content

Who is this article for?

Code42 for Enterprise
CrashPlan for Enterprise

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Code42 Support

Top users by file activity reference


The Risk Exposure dashboard includes information about Top users by file activity, listing the users with the most file activity across your Code42 environment. To view the Top users by file activity, sign in to the Code42 console.

For more information about the Risk Exposure dashboard, see: 

For more information about how to use these dashboards, see Review unusual file activity with the Risk Exposure dashboard.

For permissions, licensing, and visibility considerations for the Risk Exposure dashboard, see Risk Exposure dashboard reference

Top users by file activity

This view shows the employees with the greatest number of file events across your organization. It shows the total number of file events and the total size of the files involved in the events for that employee.

Only includes endpoint events
The Top users by file activity view does not include events from cloud services where the permissions for a file were changed to make it public. It only includes events captured from the employee's endpoint, such as files moved to removable media, uploaded via a browser or other app, and moved into a cloud sync folder on the endpoint. 

Top users by file activity

Item Description
a User

Displays the employee's Code42 username, department*, and title*. 


Click the Code42 username to see the employee's User Profile

*If you use User Directory Sync or SCIM provisioning, this information is automatically populated by your provisioning provider. You must first add the department and title attributes if you use Okta provisioning or PingOne provisioning. If you don't use provisioning, this information does not appear and cannot be added manually.

b Forensic SearchInvestigate in Forensic Search Opens Forensic Search and pre-populates it with the selected timeframe and exposure type. Learn more about using Forensic Search.
c View event details View file event details icon Click to see more details about the employee's file events, such as destinations and file category groups. 
d View top 20 Click to see a list of 20 employees with the most file activity on their endpoints. Not shown if there are fewer than 20 employees.
e View by remote activity Click to see employees generating the most remote activity. When configured, remote activity is detected for endpoint events from out-of-network IP addresses. 
  • Was this article helpful?