
Who is this article for?

  • Incydr: yes
  • Code42 for Enterprise: yes
  • CrashPlan for Enterprise: no
  • CrashPlan for Small Business: no

This article applies to Code42 cloud environments.


Review unusual file activity with the Risk Exposure dashboard


Overview

The Risk Exposure dashboard shows file activity from across your entire environment to help you catch data exposure or loss as soon as possible. This article gives examples of how to investigate unusual activity that may appear in this dashboard.

Use the Risk Exposure dashboard to see when: 

  • High risk or departing employees are putting data at risk
  • Any employee in your org is moving a lot of files
  • File activity occurs on out-of-network IP addresses
  • Files are added to unsanctioned cloud services
  • Files are made publicly available on a cloud service
  • Files are copied to removable media or read by a browser or other app

Video

Watch the video below to learn about the Risk Exposure dashboard. For other videos in this series, see our Training course: Detecting risk with Code42 Incydr. For more videos, visit the Code42 University.

Considerations

  • Add Trusted Domains in Data Preferences to hide file events that occur on domains you trust. Adding trusted domains helps focus your investigation on file activity that may be a higher risk. File activity on a specific domain is only considered trusted starting the date the domain was added. You can view all file activity, including events that occur on your trusted domains, in Forensic Search.

  • You must have the Customer Cloud Admin or Security Center User role.

  • This functionality is available only when supported by your product plan. Contact your Customer Success Manager (CSM) for assistance with licensing, or to upgrade to the Incydr Advanced product plan for a free trial. If you don't know who your CSM is, email csmsupport@code42.com.

  • If your dashboard is empty and shows no data, then you may need to enable endpoint monitoring and connect your cloud services.
  • You must connect at least one cloud service to Code42 to see cloud-related file activity. 

Differences in file event counts
File events for Forensic Search and Alerts appear within 15 minutes of the file activity, while file events in the Risk Exposure dashboard and the User Profile may take up to an hour to appear. As a result, you may see that the file event counts in alert notifications and Forensic Search differ from the event counts in the Risk Exposure dashboard and the Departing Employees and High Risk Employees User Profiles.

Example use cases 

From the Risk Exposure dashboard, you can quickly assess how many file events are happening from your departing and high risk employees as well as across your entire organization. 

Expand a section below to see an example scenario and procedure for using the Risk Exposure dashboard.

Review the recent file activity of a high risk or departing employee

Review the file activity of your most active users 

Review file activity occurring on unsanctioned cloud services across your organization

Review files saved to removable media

Review files read by a browser or other app

Review files made publicly available in a cloud service
