Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Code42 Support

How to create and review alerts

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Overview

This article explains how to configure alert rules. Use alerts to let you know when important data may be leaving your company. When an alert is triggered, it appears on the Review Alerts screen of Alerts. 

Video

Watch the short video below to learn more about alerts.  For more videos, visit the Code42 University.

Considerations

Create an alert rule

  1. Sign in to the administration console
  2. Go to Alerts > Review Alerts.
  3. Click Create Rule.
    The New Rule screen appears.
  4. Provide a name for the rule.
  5. (Optional) Enter a description of what the rule is for. 
  6. Set the Severity level you feel is appropriate. You can use this value to filter alerts later.
  7. (Optional) To receive email notifications for this alert:
    1. Select Send email notifications to.
    2. Enter up to ten email addresses, separated by commas. 
  8. Select an Alert Type:
    • Exposure on an endpoint
      1. Enable the exposure types you want to be alerted on:
        • Read by browser or other app: Alerts you when files were uploaded by a browser or an app such as Slack, FTP client, or curl.
        • Moved to removable media: Alerts you when data is moved to removable media, such as a USB drive.
        • Moved to cloud sync folders: Alerts you when file activity in folders on a user's device that are typically used to sync to a cloud service exceed the thresholds you set for total file size and file count (see iii below).
      2. Choose a Time Frame of Events.
        • The time frame begins as the file activity begins. 
        • An alert is sent five minutes after the threshold you set for total file size and file count (see iii below) is exceeded. This five minute delay is to reduce alert "noise" since users can move a lot of data in a few, quick clicks.
        • For example, you choose a time frame of "Within 1 hour". An employee starts moving files at 10:42 a.m. and exceeds the threshold at 10:55 a.m. An alert is sent to you five minutes later at 11:00 a.m. with combined totals for everything that was moved between 10:42 a.m. and 11:00 a.m.
      3. Define File size & count
        Select Or to be notified if either value is exceeded. Select And to be notified if both values are exceeded. 
        • File count greater than: Defines the total number of files a user must move to generate a notification.
        • Total size greater than: Defines the total size of files a user must move to generate a notification.
      4. Choose File activity by settings to monitor specific users or any user in your environment.
    • Cloud share permission changes
      Alerts you when permissions change for a file stored in a cloud service that make the file publicly accessible.
      • For each cloud service (Box, Google Drive, and Microsoft OneDrive), select one or more of the following permission changes:
        • Public on the web (Google Drive only): The file is available on public search engines and accessible to the entire World Wide Web. Users do not need to be signed in to a cloud services account to see the file. The method used to share the file appears in the Google Drive UI as "Public on the Web."
        • Public via direct link: The file is not listed in public search engines, but is available to anyone who accesses the link. Users do not need to be signed in to a cloud services account to see the file. The method used to share the file appears in the cloud service UI as follows:
          • Box: "People with the link"
          • Google Drive: "Anyone with the link"
          • Microsoft OneDrive: "Anyone with the link"
  9. Click Save.

Videos

Watch the short video below to learn how to create a rule for exposure on an endpoint.

Watch the short video below to learn how to create a rule for cloud share permissions changes. 

For more videos, visit the Code42 University.

Review alerts

When an alert is triggered, a notification will appear on the Review Alerts screen.

  1. Sign in to the administration console
  2. Go to Alerts > Review Alerts.
  3. For any alert, click Expand file event details icon. to see file event details. 
  4. (Optional) Click Investigate in Forensic Search to see more details for this event in Forensic Search.
  5. (Optional) When you're done reviewing the alert, click Dismiss to remove the notification. 

Video

Watch the short video below to learn how to review alerts.  For more videos, visit the Code42 University.

  • Was this article helpful?