Who is this article for?

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

This article applies to Cloud.

Code42 Support

Customize applications monitored for file exfiltration

Overview

This article explains how to use the Code42 API to customize the list of applications monitored for file exfiltration by Code42 Next-Gen Data Loss Protection. By default, Code42 monitors activity of applications typically used to upload and download files, such as web browsers, Slack, FileZilla, FTP, and cURL. Follow the steps below to add or remove applications from the default list.

The examples in this article use curl, but the concepts apply to any tool you choose to interact with the Code42 API.

Considerations

  • You must have credentials for a Code42 user with the Customer Cloud Admin, Org Admin, or Cross Org Admin role.
  • If you follow the steps below to customize the list of monitored applications, you are responsible for ongoing maintenance of this list. Your customizations override Code42's defaults, so the list is no longer updated or maintained by Code42. To return to the Code42 defaults, see Remove your customizations.
  • Activity monitoring is intended for applications typically used to move files over a network. Adding other types of applications may cause unexpected results.

API request details

  • Request URL 
    • United States:
      • If you sign in to the Code42 administration console at https://console.us.code42.com/console, use: 
        https://console.us.code42.com/api/
      • If you sign in to the Code42 administration console at https://crashplan.com/console, use:
        https://www.crashplan.com/api/
    • Ireland: https://console.ie.code42.com/api/
  • Resource: OrgSettings
  • Keys:
    • Windows: org_securityTools_win_binary_whitelist
    • Mac: org_securityTools_mac_binary_whitelist
  • Methods: GET to view existing monitored applications; PUT to modify existing monitored applications
  • Additional API documentation: https://console.us.code42.com/apidocviewer/#OrgSetting

View and update monitored applications

Step 1: Find the numeric OrgID

To view and edit the list of monitored applications, you must first identify the numeric ID of the applicable organization.

  1. Sign in to the administration console.
  2. Select Administration > Organizations > Active.
  3. Select an organization:
    • To apply the same values to your entire Code42 environment, select your top-level organization. This organization is at the top of the organizational hierarchy and is the parent for all other organizations.
    • To apply different values based on organization, select each organization you want to modify and repeat the steps below for each organization individually.
  4. In the web browser's address bar, note the numeric ID at the end of the URL. In this example, the OrgID is 123456: https://console.us.code42.com/console/#/organization/123456

Step 2: View existing applications

Use the GET method to view existing applications being monitored for file exfiltration. The OrgSettings resource also contains keys for numerous other Code42 settings. Therefore, to view only the applications being monitored, you must include the org_securityTools_win_binary_whitelist or org_securityTools_mac_binary_whitelist key as a query parameter.

The example below assumes basic familiarity with curl commands. Use this as a template to create a command specific to your Code42 environment:

curl -X GET \
  '<request_url>/api/OrgSettings/<OrgID>?keys=org_securityTools_win_binary_whitelist' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -u 'username:password'
  1. Replace <request_url> with the address of your Code42 environment, for example https://console.us.code42.com; the template already appends /api/ (do not include the brackets in your request).
  2. Replace <OrgID> with the number identified in Step 1 above (do not include the brackets in your request).
  3. Replace username:password with your Code42 credentials.
  4. Execute the curl command in your command-line tool of choice.
    The Code42 API returns the list of monitored applications.
  5. For Mac devices, repeat the steps above using the key org_securityTools_mac_binary_whitelist.

Step 3: Add or remove applications

Use the PUT method to add or remove applications. Before sending any updates, make sure to complete Step 2 above to obtain the list of monitored applications.

Updates overwrite existing values
The OrgSettings API resource does not automatically add to existing values. All PUT requests completely replace existing values. Therefore, to add to monitored applications, you must first obtain a list of current values and re-submit that entire list with your new additions.

The steps below assume basic familiarity with curl commands. Use the following example as a template to create a command specific to your Code42 environment:

curl -X PUT \
  '<request_url>/api/OrgSettings/<OrgID>' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -u 'username:password' \
  -d '{ 
    "packets": [
        {
            "key": "org_securityTools_win_binary_whitelist",
            "value": {
                "binaryFileNames":[
                    "chrome.exe","chromium.exe","iexplore.exe","firefox.exe","opera.exe","microsoftedge.exe","microsoftedgecp.exe","runtimebroker.exe","browser_broker.exe","sftp.exe","curl.exe","winscp.exe","scp.exe","filezilla.exe","fzsftp.exe","slack.exe"
                ]
            },
            "locked": true
        }
    ]
}'
  1. Replace <request_url> with the address of your Code42 environment, for example https://console.us.code42.com; the template already appends /api/ (do not include the brackets in your request).
  2. Replace <OrgID> with the number identified in Step 1 above (do not include the brackets in your request).
  3. Replace username:password with your Code42 credentials.
  4. Edit the list inside the square brackets of the binaryFileNames value to include only the names of the applications you want to monitor.
  5. Execute the curl command in your command-line tool of choice.
  6. For Mac devices, repeat the steps above using the key org_securityTools_mac_binary_whitelist.
  7. To confirm the new settings are applied, re-submit the GET request described in Step 2 above and review the list of monitored applications.
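
Because every PUT replaces the whole list, the change has to be built from the current values. The following is an added example, not Code42's code: it takes the names read from the Step 2 GET response, applies additions and removals, and returns a PUT body in the shape of the template above. The function names, the case-insensitive comparison, and the sample list are assumptions of this example.

```python
import json

# Setting keys as given in this article.
KEYS = {"win": "org_securityTools_win_binary_whitelist",
        "mac": "org_securityTools_mac_binary_whitelist"}


def merge_names(current, add=(), remove=()):
    """Return the full list to re-submit: current minus `remove`, plus `add`.
    Names compare case-insensitively (this example's choice); order is kept."""
    drop = {n.strip().lower() for n in remove}
    known = {n.strip().lower() for n in current}
    missing = sorted(drop - known)
    if missing:
        # A misspelled removal would otherwise be ignored silently.
        raise ValueError(f"not in current list: {missing}")
    merged, seen = [], set()
    for name in list(current) + list(add):
        name = name.strip()
        if not name or "/" in name or "\\" in name:
            raise ValueError(f"expected a bare file name, got {name!r}")
        folded = name.lower()
        if folded in drop or folded in seen:
            continue
        seen.add(folded)
        merged.append(name)
    if not merged:
        # Going back to the defaults is the DELETE request, not an empty PUT.
        raise ValueError("refusing to build an empty list")
    return merged


def build_put_body(platform, current, add=(), remove=(), locked=True):
    """Serialize the PUT body in the shape of the article's template."""
    packet = {
        "key": KEYS[platform],
        "value": {"binaryFileNames": merge_names(current, add, remove)},
        "locked": locked,  # the article's template sends true
    }
    return json.dumps({"packets": [packet]}, indent=2)


# Constructed sample: a shortened current list, as read from the Step 2 GET.
CURRENT = ["chrome.exe", "firefox.exe", "curl.exe", "slack.exe"]
if __name__ == "__main__":
    print(build_put_body("win", CURRENT, add=["pscp.exe"], remove=["slack.exe"]))
```

Save the printed JSON to a file and pass it to the PUT command with curl's `-d @filename` form so the body is sent exactly as generated.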

Remove your customizations

Use the DELETE method to completely remove your customized list of monitored applications and return to using the Code42 defaults.

Include key parameter to prevent removal of other system settings
To test this request, submit it first as a GET request described in Step 2 above and make sure the response includes only the org_securityTools_win_binary_whitelist or org_securityTools_mac_binary_whitelist key. Then resubmit it as a DELETE request.

The OrgSettings resource also contains keys for numerous other Code42 settings. Therefore, it is very important to list the correct key as a query parameter in the request URL. Failure to specify only this key will cause other system settings to be deleted by this request.

The steps below assume basic familiarity with curl commands. Use the following example as a template to create a command specific to your Code42 environment:

curl -X DELETE \
  '<request_url>/api/OrgSettings/<OrgID>?keys=org_securityTools_win_binary_whitelist' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -u 'username:password'
  1. Replace <request_url> with the address of your Code42 environment, for example https://console.us.code42.com; the template already appends /api/ (do not include the brackets in your request).
  2. Replace <OrgID> with the number identified in Step 1 above (do not include the brackets in your request).
  3. Replace username:password with your Code42 credentials.
  4. Execute the curl command in your command-line tool of choice.
    A 204 No Content response indicates the Code42 cloud received the request and deleted your custom list of monitored applications.
  5. For Mac devices, repeat the steps above using the key org_securityTools_mac_binary_whitelist.
  6. To confirm your customizations are removed, re-submit the GET request described in Step 2 above and review the list of monitored applications.