Skip to main content

Who is this article for?

Code42 for Enterprise
CrashPlan for Small Business

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQS
SYSTEM STATUS
Code42 Support

Manage alert rules users with the Code42 command-line interface

Who is this article for?

Code42 for Enterprise
CrashPlan for Small Business

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Overview

The Code42 command-line interface (CLI) tool offers a way to interact with your Code42 environment without using the Code42 console or making API calls directly. For example, you can use it to manage users associated with alert rules. This article provides instructions for using the Code42 CLI to add and remove users from alert rules. 

You can also use the Code42 CLI to extract alerts for use in a security information and event management (SIEM) or security orchestration, automation, and response (SOAR) tool. For more information, see Integrate security alerts with a SIEM tool using the Code42 command-line interface

Before you begin

To manage users associated with alert rules using the Code42 CLI, you must first install and configure the Code42 CLI following the instructions in Set up the Code42 command-line interface

Manage users associated with alert rules

When creating or editing alert rules, you can specify if you'd like to receive alerts: 

  • Only when specific users meet the alert rule criteria
  • For activity for all users except those you specify

Once you set up an alert rule and select one of these options, you can use the Code42 CLI to add users to these lists.  

Use the alert-rules commands to add or remove employees associated with alert rules. To see a list of all the users currently in your organization, you can export a list from the Users action menu

Get CSV template

To add multiple users to an alert rule's criteria:

  1. Generate a CSV template. Below is an example command for generating a template to use to add users to an alert rule. Once generated, the CSV file is saved to your current working directory.  

code42 alert-rules bulk generate-template add

To generate a template to use to remove users from an alert rule, for example: 

code42 alert-rules bulk generate-template remove

  1. Use the CSV template to enter the rule ID(s) and email addresses (Code42 usernames or cloud aliases). Enter one rule ID and one email address per line. 
    To get the rule ID for an alert rule, enter code42 alert-rules list . 
  2. Save the CSV file. 

Add users to alert rules  

You can add one or more users to an alert rule.

Add multiple users

Once you have entered the rule and user information in the CSV file, use the bulk add command with the CSV file path to add multiple users at once. For example: 

code42 alert-rules bulk add /Users/astrid.ludwig/add_user.csv

Add a single user

To add a single user to an alert rule, use the following command as an example:

code42 alert-rules add-user --rule-id 5e776203-5379-4065-ad97-31d9b99c583e --username tanya.rowe@example.com  

Command Description
add-user Add a single user to the alert rule.   

--rule-id

The identification number of the alert rule. To get the rule ID for an alert rule, run the command code42 alert-rules list . 

--username The user's Code42 username or cloud alias.
--profile

The profile to use to execute the command. (Optional)

If not specified, the default profile is used. 

Remove users 

You can remove one or more users from an alert rule.

Remove multiple users

To remove multiple users at once:

  1. Enter the rule ID(s) and email addresses (Code42 usernames or cloud aliases) based on the CSV file template you generated.
  2. Save the file to your current working directory. 
  3. Use the bulk remove command with the file path of the CSV you created. For example:  

code42 alert-rules bulk remove /Users/hope.rodriguez/remove_user.csv

Remove a single user

Use remove-user to remove a single user. For example: 

code42 alert-rules remove-user --rule-id  5e776203-5379-4065-ad97-31d9b99c583e --username mercedes.simmons@example.com

Command Description
remove-user Remove a single user from the alert rule.  

--rule-id

The identification number of the alert rule. To get the rule ID for an alert rule, run the command code42 alert-rules list . 

--username The user's Code42 username or cloud alias.
--profile

The profile to use to execute the command. (Optional)

If not specified, the default profile is used. 

View alert rules

You can use the Code42 CLI to get a list of all the alert rules for your organization, or get full details for an alert rule. 

List rules

To view a list of alert rules for your organization, use the following command:  

code42 alert-rules list

This command will list the rule ID, rule name, severity level, type, source, and whether or not the rule is enabled.

View details

To view all details for an alert rule, enter code42 alert-rules show with the rule ID, for example: 

code42 alert-rules show 5e776203-5379-4065-ad97-31d9b99c583e