Who is this article for?

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

See product plans and features.

This article applies to Cloud.

Code42 Support

Create and manage alerts

Overview

This article explains how to configure alert rules. Use rules to define your alert thresholds and who will be alerted when important data may be leaving your company. When an alert is triggered, it appears on the Alerts > Review Alerts screen.

Considerations

Departing Employees alerts

If you add an employee to the Departing Employees application, you may see alert rules on the Manage Rules tab with a blue "Departing Employees" label. Code42 automatically creates these rules to alert you of suspicious activity for departing employees. 

The default "Departing Employees" rules:

Create a rule

  1. Sign in to the administration console.
  2. Go to Alerts > Review Alerts.
  3. Click Create Rule.
    The New Rule screen appears.
  4. Enter a name for the rule.
  5. (Optional) Enter a description of what the rule is for. 
  6. Set the appropriate Severity level. You can use this value to filter alerts later.
  7. (Optional) To receive email notifications for this alert:
    1. Select Send to.
    2. Enter up to ten email addresses, separated by commas. 
  8. Select an Alert Type:
    • Exposure on an endpoint
      1. Select the exposure types you want to be alerted about:
        • Read by browser or other app: Alerts you when files were uploaded by a browser or an app such as Slack, FTP client, or curl.
        • Moved to removable media: Alerts you when data is moved to removable media, such as a USB drive.
        • Moved to cloud sync folders: Alerts you when file activity in folders on a user's device that are typically used to sync to a cloud service exceeds the thresholds you set for total file size and file count (see step 2 below).
      2. (Optional) Define File size and count
        • File count greater than: Select to define the total number of files a user must move to generate a notification.
        • Total size greater than: Select to define the total size of files a user must move to generate a notification.
        • Select Or to be notified if either value is exceeded. Select And to be notified if both values are exceeded. 
      3. Select a time window. Thresholds exceeded within this window generate an alert.
        • The time frame begins as the file activity begins. 
        • An alert is sent five minutes after the threshold you set for total file size and file count is exceeded. This five-minute delay reduces alert "noise" since users can move a lot of data in a few quick clicks.
        • For example, you choose a time frame of 1 hour. An employee starts moving files at 10:42 a.m. and exceeds the threshold at 10:55 a.m. An alert is sent to you five minutes later at 11:00 a.m. with combined totals for everything that was moved between 10:42 a.m. and 11:00 a.m.
    • Cloud share permission changes: Alerts you when permissions for a file stored in a cloud service change in a way that makes the file publicly accessible.
      1. For each cloud service (Box, Google Drive, and Microsoft OneDrive), select one or more of the following permission changes:
        • Public via direct link: The file is not listed in public search engines, but is available to anyone who accesses the link. Users do not need to be signed in to a cloud services account to see the file. The method used to share the file appears within the cloud service as follows:
          • Microsoft OneDrive: "Anyone with the link"
          • Google Drive: "Anyone with the link"
          • Box: "People with the link"
        • Public on the web (Google Drive only): The file is available on public search engines and accessible to the entire Internet. Users do not need to be signed in to a cloud services account to see the file. The method used to share the file appears in Google Drive as "Public on the Web." 
  9. Select the file categories you want to be alerted on. Select Any File Category to be alerted on all file categories, including files that couldn't be categorized.
  10. Select File activity by settings:
    • Select Any user to be alerted for activity by all users.
    • Select Specific users and enter a comma-separated list of email addresses to only be alerted for activity by those users.
    • Select Any user except these specific users and enter a comma-separated list of email addresses to be alerted for activity by any user not included in this list of users.
  11. Click Save.
    The new rule is added to the list of rules.
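
The threshold, time window, and five-minute delay described in step 8 can be modeled as follows. This is an added example, not Code42 code: the Rule class, function names, and sample events are hypothetical, only the first time window for one user is modeled, and treating a rule with no thresholds as matching any activity is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

ALERT_DELAY = timedelta(minutes=5)  # delay after the threshold is exceeded, per the article

@dataclass
class Rule:  # hypothetical model of the rule form, not a Code42 object
    window: timedelta
    count_gt: Optional[int] = None  # "File count greater than"
    size_gt: Optional[int] = None   # "Total size greater than", in bytes
    combine: str = "or"             # the Or / And selector

def exceeded(rule, count, size):
    checks = []
    if rule.count_gt is not None:
        checks.append(count > rule.count_gt)
    if rule.size_gt is not None:
        checks.append(size > rule.size_gt)
    if not checks:
        return True  # assumption: with no thresholds set, any activity qualifies
    return all(checks) if rule.combine == "and" else any(checks)

def evaluate(rule, events):
    """events: (timestamp, size_bytes) tuples for one user. Returns an alert dict or None."""
    events = sorted(events)
    if not events:
        return None
    start = events[0][0]  # the time frame begins as the file activity begins
    count = size = 0
    crossed = None
    for ts, nbytes in events:
        if ts - start > rule.window:
            break  # later activity falls outside this time window
        count, size = count + 1, size + nbytes
        if exceeded(rule, count, size):
            crossed = ts
            break
    if crossed is None:
        return None
    send_at = crossed + ALERT_DELAY
    # Totals cover everything from the start of activity up to the send time.
    included = [n for ts, n in events if ts <= send_at]
    return {"start": start, "crossed": crossed, "send_at": send_at,
            "files": len(included), "bytes": sum(included)}

def sample_events():  # constructed data: 1 MB files, date chosen arbitrarily
    t = lambda h, m: datetime(2024, 1, 8, h, m)
    times = [t(10, m) for m in range(42, 52)] + [t(10, 55), t(10, 58), t(11, 10)]
    return [(ts, 1_000_000) for ts in times]
```

With a one-hour window and "File count greater than 10", the sample data reproduces the article's timeline: activity starts at 10:42, the threshold is exceeded at 10:55, and the alert goes out at 11:00 covering 12 files. Switching the same rule to And with a 50 MB size threshold produces no alert, because only the count is exceeded.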

Review alert notifications

When an alert is triggered, a notification appears on the Review Alerts screen.

  1. Sign in to the administration console.
  2. Go to Alerts > Review Alerts.
  3. For any alert, click the Expand file event details icon to see file event details.
  4. (Optional) Click Investigate in Forensic Search to see more details for this event in Forensic Search.
  5. (Optional) When you're done reviewing the alert, click Dismiss to remove the notification. 

Create a rule based on another rule

  1. Sign in to the administration console.
  2. Go to Alerts > Manage Rules.
  3. In the list of rules, locate the rule that you want to copy.
  4. Click Actions and select Make a copy.
  5. Make any necessary changes to your new rule.
  6. Click Save.
    The new rule is added to the list of rules.

Edit a rule

  1. Sign in to the administration console.
  2. Go to Alerts > Manage Rules.
  3. In the list of rules, locate the rule that you want to edit.
  4. Click Edit.
  5. Make any necessary changes.
  6. Click Save.

Delete a rule

Deleting a rule stops those alerts
Deleting a rule will stop all alerts for that rule for all users. Any previous alerts for the rule will remain on the Review Alerts tab.
  1. Sign in to the administration console.
  2. Go to Alerts > Manage Rules.
  3. In the list of rules, locate the rule that you want to delete.
  4. Click Actions and select Delete.
    A confirmation dialog appears.
  5. Click Delete Rule.
    The rule is removed from the list. 

Enable or disable Departing Employees alerts

  1. Go to Detection > Departing Employees.
  2. Click Alert Settings.
  3. Click Enable alerts for all departing employees to turn on or off the default alerts for all employees listed in the Departing Employees application. 