Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Code42 Support

Create and manage alerts

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Overview

This article explains how to configure alert rules. Use rules to define your alert thresholds and who will be alerted when important data may be leaving your company.

When an alert is triggered, it appears on the Alerts > Review Alerts screen. 

Video

Watch the short video below to learn more about alerts. For more videos, visit the Code42 University.

Considerations

Differences in file event counts
File events for Forensic Search and Alerts appear within 15 minutes of the file activity, while file events in the Risk Exposure dashboard and the User Profile may take up to an hour to appear. As a result, you may see that the file event counts in alert notifications and Forensic Search differ from the event counts in the Risk Exposure dashboard and the Departing Employees and High Risk Employees User Profiles.

Create a rule

  1. Sign in to the administration console
  2. Go to Alerts > Review Alerts.
  3. Click Create Rule and select the rule type: 
    • Exposure on an endpoint
      Alerts you based on file activity on an endpoint. This kind of activity also appears on the Endpoint File Activity dashboard.
    • Cloud share permission changes
      Alerts you when a file stored in a cloud service becomes publicly accessible. This kind of activity also appears on the Cloud File Activity dashboard. This rule type is not available in the Code42 federal environment.
  4. Enter basic information and options for the rule:
    • Rule Name
    • Description (optional)
    • Severity: You can use this value to filter alerts later.
    • Email Notifications (optional):  To receive email notifications for this alert, select Send to and enter email addresses, separated by commas. 
  5. Define when the rule should trigger an alert:
    • Exposure on an endpoint
      1. Select the exposure types that you want to be alerted about.
      2. Define thresholds for File size and count. If you select both options, select select Or to be notified if either value is exceeded, or And to be notified only if both values are exceeded.
        • File count greater than: The total number of files moved by a user.
        • Total size greater than: The total size of files moved by a user. 
      3. Select a time window. Thresholds exceeded within this window generate an alert.
    • Cloud share permission changes: 
      For each cloud service that you use, select the permission changes that you want to receive an alert on. You can also be alerted when files are shared outside of the domains you trust.
  6. Select specific file categories that you want to be alerted on, or select Any File Category to be alerted on all files, including those that can't be categorized.
  7. Select File activity by settings:
    • Any user: Receive alerts for activity by all users.
    • Specific users: Receive alerts only for specific users. Enter the email addresses (Code42 usernames or cloud aliases) for these users in a comma-separated list.
    • Any user except these specific users: Receive alerts for activity for all users except those that you specify. Enter the email addresses (Code42 usernames or cloud aliases) for these users in a comma-separated list.
  8. Click Save.
    The new rule is added to the Manage Rules tab.

Videos

Watch the short video below to learn how to create a rule for exposure on an endpoint.

Watch the short video below to learn how to create a rule for cloud share permissions changes. 

For more videos, visit the Code42 University.

Review and dismiss alert notifications

When an alert is triggered, a notification appears on the Review Alerts tab.

  1. Sign in to the administration console
  2. Go to Alerts > Review Alerts.
  3. For any alert, click Details button to see file event details. 
  4. (Optional) Click Investigate in Forensic Search to see the files for this event in Forensic Search.
  5. (Optional) When you're done reviewing the alert, click Dismiss Alert to remove the notification. 
Dismiss multiple notifications at once
To dismiss multiple notifications at once, select the checkbox next to one or more notifications and click the Dismiss Alerts button that appears at the top-right of the list of notifications.

Video

Watch the short video below to learn how to review alerts.  For more videos, visit the Code42 University.

Create a rule based on another rule

  1. Sign in to the administration console
  2. Go to Alerts > Manage Rules.
  3. In the list of rules, locate the rule that you want to copy.
  4. Click Actions Actions and select Make a copy.
  5. Make any necessary changes to your new rule.
  6. Click Save.
    The new rule is added to the list of rules.

Edit a rule

  1. Sign in to the administration console
  2. Go to Alerts > Manage Rules.
  3. In the list of rules, locate the rule that you want to edit.
  4. Click Edit Edit.
  5. Make any necessary changes.
  6. Click Save.

Delete a rule

Deleting a rule stops those alerts
Deleting a rule stops all alerts for that rule for all users. Any previous alerts for the rule remain on the Review Alerts tab.
  1. Sign in to the administration console
  2. Go to Alerts > Manage Rules.
  3. In the list of rules, locate the rule that you want to delete.
  4. Click Actions Actions and select Delete.
    A confirmation dialog appears.
  5. Click Delete Rule.
    The rule is removed from the list. 

Default alerts

If you add an employee to the Departing Employees list or the High Risk Employees list, you may see "Departing Employees" or "High Risk Employees" alerts and rules. Code42 automatically creates these rules to alert you of suspicious activity from employees that are actively monitored in those applications. 

The default Departing Employees and High Risk Employees rules:

Enable or disable default alerts

  1. Go to the appropriate application:
    1. Departing Employees: Detection > Departing Employees
    2. High Risk Employees: Detection > High Risk Employees
  2. Click Alert Settings.
    The Alert Settings window appears.
  3. Click the slider to enable Enable alerts or disable Disable alerts alerts. When enabled, the alert is turned on for all employees listed in that application.

Edit default alerts

  1. Go to the appropriate application:
    1. Departing Employees: Detection > Departing Employees
    2. High Risk Employees: Detection > High Risk Employees
  2. Click Alert Settings.
    The Alert Settings window appears.
  3. Ensure that the alerts are enabled. 
  4. Click Manage Rule for the corresponding alert. 
    The edit rule window for that alert opens in Alerts.
  5. Make any necessary changes. 
  6. Click Save.
  • Was this article helpful?