Skip to main content

Who is this article for?
Find your product plan in the Code42 console on the Account menu.

Incydr Professional and Enterprise
Incydr Basic and Advanced
Other product plans

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, no.

Other product plans, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Code42 Support

View and manage alert notifications


This article explains how to review and manage the security notifications that are created when Code42 detects activity that matches the criteria in an alert rule.

When a rule is triggered, an alert notification appears in the Alerts > Review Alerts table. You can add a note to an alert, review and dismiss alerts, or use the filters to search for alerts that have been dismissed to reopen them.

Code42 only alerts you about untrusted activity
Code42 automatically filters file events to alert you only about activity that occurs outside the domains, Slack workspaces, and cloud destinations you trust. While Code42 still records all file activity (and you can view it in Forensic Search), you are not notified by alert rules for trusted events. 


  • To use this functionality, Incydr users must be assigned specific roles. For more information, see Roles for Incydr. To learn which permissions on Incydr roles allow use of this functionality, see Permissions for Incydr. If you use other Code42 products, see Role assignment use cases.

  • This functionality is available only when supported by your product plan. Contact your Customer Success Manager (CSM) for assistance with licensing, or to upgrade to an Incydr product plan. If you do not know your CSM, please contact our Customer Champions.

  • You must connect at least one cloud service to Code42 to see cloud-related file activity. 

Differences in file event counts
File events for Forensic Search and Alerts typically appear within 15 minutes of the file activity, while file events in the Risk Exposure dashboard and the User Profile may take up to an hour to appear. As a result, you may see that the file event counts in alert notifications and Forensic Search differ from the event counts in the Risk Exposure dashboard and the Departing Employees and High Risk Employees User Profiles.

Review alert notifications

  1. Sign in to the Code42 console
  2. Go to Alerts > Review Alerts.
  3. For any alert, click View detail View details icon to see more details.
    The Alert details opens where you can view file details, add notes or statuses, and take other actions on the alert. 
    • Click Copy Link   to copy the link to the alert notification in the Code42 console so that you can share it with others for investigation.
    • Click Investigate in Forensic Search to see the files for this event in Forensic Search. If both cloud sharing and endpoint exposure events are involved in this alert, select the type of events you want to view from the menu that opens:
      • Investigate cloud sharing events
      • Investigate endpoint exposure events
    • Click Send email to compose an email to the user requesting more information about this activity.
      You can customize the email as needed after it opens.
    • Click View Rule View rule to open and update the rule settings.
    • Select a status to identify the state of your investigation into the alert.
      If you select Dismissed, Code42 automatically dismisses the alert and removes it from the list of open alerts. Click Reopen alert at the bottom of the alert details to reopen the alert and change its status to Open, if needed.
    • Add a note (or edit any current note) to provide more details about the alert.
    • Click View profile View profile to open the User Profile for that user.
      View profile appears only when allowed by your Code42 product plan and role permissions.
  4. (Optional) When you're done reviewing the alert, click Dismiss alert to remove the notification. 
    When you dismiss an alert, Code42 automatically removes it from the list of open alerts. You can reopen alerts, if needed.
Dismiss multiple notifications at once
To dismiss multiple notifications at once, select the checkbox next to one or more notifications in the Review Alerts list and then click the Dismiss Alerts button that appears at the top-right of the list of notifications.

Add a note

  1. Sign in to the Code42 console
  2. Go to Alerts > Review Alerts.
  3. For any alert, click View details icon to see more details.
  4. In the Notes panel, click Add note.
    If the alert already includes a note, click Edit Edit icon to edit the existing note. 
  5. Enter the note and click Save. You can also delete a note entirely by deleting the note's text and clicking Save.
    Your note is added to the Notes panel in the Alert details. Code42 automatically saves and displays the username of the last person to edit the note, along with the date and time it was edited. Click Expand note to view long notes.

Dismiss alert notifications

  1. Sign in to the Code42 console
  2. Go to Alerts > Review Alerts.
  3. For any alert, click Dismiss alert Dismiss alert icon. When the menu opens:
    • Select Dismiss to dismiss the alert.
    • Select Dismiss with note to add a note to the alert and then dismiss it. Enter your note (or edit the existing note) and then click Save and dismiss.
    The notification is removed from the table and entered into the list of dismissed alert notifications.

Reopen dismissed alert notifications

  1. Sign in to the Code42 console
  2. Go to Alerts > Review Alerts.
  3. Click Filter Filter icon and apply the Dismissed status to show alerts that have been dismissed.
    1. When the Filters panel opens, under Status, clear the Open checkbox and select the Dismissed checkbox.
    2. (Optional) Select any other criteria to further filter the list of alerts that are returned.
    3. Click Apply.
      You are returned to the Review Alerts table and only the dismissed alerts that meet any other selected criteria are listed.
  4. (Optional) Click Reopen Alert Reopen alert icon to reopen a notification:
    • Select Reopen to reopen the alert.
    • Select Reopen with note to add a note to the alert and then reopen it. Enter your note (or edit the existing note) and then click Save and reopen.
    The reopened notification is removed from the table and returned to the list of open alert notifications. To view open notifications, repeat step 3 above and select the Open status.
  • Was this article helpful?