Use the Data Preferences settings for Trusted activity to define domains and Slack workspaces you trust.
Adding trusted domains and Slack workspaces prevents file activity in these locations from appearing on dashboards, user profiles, and alerts. However, trusted file activity is still searchable in Forensic Search.
To use this functionality, your role must have permissions to view and modify data preferences.
How it works
- File events are considered trusted when an entry in your list of trusted activity matches file event metadata for these fields: Active tab titles and URLs, Sync Username, Shared With (for cloud data sources), and Recipients (for email data sources).
- If there is more than one domain associated with an event, all domains must be included in your list of trusted domains for the event to be trusted. If any domain associated with event is not in your list of trusted domains, the event is not trusted.
- Trusted file activity is excluded from:
- Data on the Risk Exposure dashboard
- Contributing to risk severity scores
- File event counts for Departing Employees, High Risk Employees, and User Profiles
- Forensic Search results that include the following search criteria:
- The Trusted Activity filter with the value Exclude (applies to endpoint and email events)
- The Exposure Type filter with the value Outside trusted domain (applies to cloud events)
Configure trusted activity
To access trusted activity settings:
- Sign in to the Code42 console.
- Navigate to Administration > Environment > Data Preferences.
- Select the Trusted activity tab.
When adding or editing trusted activity, review the Add trusted activity guidelines in the table below. For domains and URL paths, you can also review the Recommendations and Examples tabs on the add/edit screen for additional guidance.
If your organization has established processes for users to report unethical behavior, harassment, discrimination, or other types of misconduct, consider adding the associated URLs to your list of trusted domains. For example, adding
report-misconduct.example.comwould prevent file activity on that domain from appearing on Code42 dashboards, user profiles, and alerts.
|a||Add trusted activity||
Click to add trusted activity and select a type:
Trusts a wide variety of activity across an entire domain, including files uploaded via a web browser, sent from cloud sync apps installed on user devices, and shared via cloud or email services monitored by Incydr.
Specific URL path
Trusts browser uploads to only part of a domain. For example, adding the URL path github.com/company trusts uploads only to the "company" repository and not to all of github.com.
Trusts files uploaded in a specific Slack workspace.
|b||Trusted activity||The location of activity to be trusted.|
Indicates if the entry applies to a Domain, Specific URL path, or Slack workspace.
|d||Description||An optional field to provide additional context or details.|
Indicates the time this entry was last modified and the user who made the change. File activity is trusted starting the date it is added to this list. Previous file activity is considered untrusted.
Applies to the value being evaluated for trust. Updating only the description text does not change the Last modified date.
|f||Edit||Click to edit the trusted activity value and/or the description.|
|g||Actions||Click to delete this entry.|
Using a wildcard character may lead to unintentionally trusting unknown or malicious domains. For example, a trusted domain value of
example*would trust not only
example.com, but also any domain starting with
example, such as
To trust both a parent domain and all subdomains, do not use an overly inclusive wildcard value, such as
*example.com. Instead, add these two values to minimize risk:
Since the first entry does not include a wildcard, it only trusts activity that matches the
example.com domain exactly. In the second entry, including a period (.) after the wildcard ensures only subdomains of your legitimate domain are trusted.
Trusted domain examples
The table below provides examples of whether file activity is trusted based on the combination of the trusted domain entry and where the file activity occurred.
- Yes = Activity on this domain is trusted for the supplied trusted domain entry
- No = Activity on this domain is not trusted for the supplied trusted domain entry
|Trusted domain entry|
|<<< More secure Less secure >>>|