To help protect you from data loss, you can use Code42 to monitor files moving to and from data sources such as cloud services (for example, Box, Google Drive, and OneDrive), or attachments sent through email services (such as Office 365 Outlook).
When you add a cloud service as a data source, we monitor the data source to capture when a user:
- Creates a file
- Shares a file
- Deletes a file
- Modifies a file
When you add an email service as a data source, we monitor the data source to capture file and message information about the attachments that users have emailed to recipients.
This article provides a brief introduction to adding data sources.
- You can register a G Suite or Microsoft 365 account in a single Code42 environment only:
- Once as a cloud service, to monitor file movement in Google Drive or OneDrive locations
- Once as an email service, to monitor file attachments emailed from Gmail or Office 365 Outlook accounts
- You can only register a G Suite or Microsoft 365 account for one Code42 environment at a time. For example, you cannot register a OneDrive cloud service in one Code42 environment and an Office 365 DLP email service in another Code42 environment when both belong to the same Microsoft 365 account.
- You can register two (or more) unique G Suite or Microsoft 365 accounts as long as these accounts are not associated in any way.
- Code42 only monitors one domain in a G Suite account even though multiple domains may exist in that account. Code42 monitors only the domain associated with the administrator email address that was used to register the Google Drive or Gmail data source.
- Data sources are not available in the Code42 federal environment.
Before you begin
Before you can add data sources, you must enable File Metadata Collection.
Add data sources
You can add the following data sources in the Code42 console from Investigation > Data Sources:
After adding data sources
Once you add a data source, file information collected from the data source is available in Code42 and can be searched in Forensic Search, included in alert rules and notifications, and displayed on the Risk Exposure dashboard and in the User Profile.
If you want to stop collecting data from a data source, deauthorize it.