Skip to main content

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQS
SYSTEM STATUS
Code42 Support

Migrate Activity Notification profiles to alerts

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Overview

If your product plan includes advanced alerting criteria, Alerts are replacing File Activity Notification profiles. You must recreate any existing Activity Notification profiles in Alerts to continue notifications. This article helps you migrate Activity Notification profile settings to new alert rules so that you can continue to be notified about suspicious file activity and take advantage of this improved functionality. 

Affects

This affects users with a product plan that includes advanced alerting criteria and that have existing Activity Notification profiles.

If your product plan does not include this feature or you do not use Activity Notification profiles, this article doesn't apply to you.

Step 1: Review Activity Notifications

Review your Activity Notification profile settings to identify what you need to recreate as an alert rule.

  1. Sign in to the Code42 console
  2. Go to Investigation > Activity Notifications.
  3. Select a profile from the Activity profile list to see the details.
  4. Review the settings configured for that profile.
  5. Repeat these steps for any other profiles you have. 

Step 2: Recreate the profile in an alert rule

  1. In the Code42 console, select Alerts > Review Alerts.
  2. Click Create Rule and select Exposure on an endpoint from the menu.
    The Activity Notification profile settings most closely match the settings in this alert rule. If your license includes at least one cloud service and you want to be notified when files are made publicly available in this service, see Create and manage alerts for information on creating a Cloud share permission changes alert.
  3. Enter a rule name that links the alert rule to the original Activity Notification profile, for future reference, and enter a description of the rule (if needed).
  4. Select the Severity: High, Medium, or Low.
    When viewing alerts in Code42, you can filter the list to show only those with a specific severity.
  5. To send email notifications when the alert is triggered:
    • Select the Send To check box.
    • Enter the email addresses of the recipients, separated by commas.
  6. Select the Exposure Type.
    The Moved to removable media and Moved to cloud sync folders options are the same as the Removable media and Cloud services Activity Notifications profile settings for endpoint monitoring. You can also select Read by browser or other app to be notified when files are uploaded by a browser or app such as Slack, AirDrop, FTP client, or curl. 
  7. Select the File size and count thresholds to use in the alert rule.
    These settings are similar to what is in the Activity Notifications profiles. In alert rules, however, you can be notified when either or both thresholds are exceeded, or you can use only one of these thresholds in the rule.
  8. Select a time window from the Thresholds exceeded within list.
    This setting is similar to the Scan frequency setting in Activity Notifications profiles. The alert is triggered when file activity exceeds the file size and count thresholds within this time window. The time frame starts when file activity begins, and the alert is sent 5 minutes after the thresholds are exceeded. This 5-minute delay reduces alert "noise." 
  9. Select the File Categories to include in the alert rule to only be notified about activity for files that match the selected categories. Select Any File Category to be alerted on all file categories, including those that can't be categorized. 
  10. Under File activity by, select the users you want to include in the alert rule: all users, only specific users, or all users except the specified users.
    These options are similar to the Add user feature on the Activity profile details screen, but gives you more flexibility for selecting users for which you want to monitor file activity. If you have the Code42 Platinum product plan, you can also add users directly to default alerts from the Departing Employees list and High Risk Employees list.
  11. Click Save.
    When an alert is triggered, an email is sent to all recipients and the alert notification appears on the Review Alerts screen.

You will continue to receive notifications from your existing File Activity Notifications profiles until the profiles are deactivated. If you no longer want to receive these notifications, you can delete them from the Activity profile details screen.

Considerations

Licensing 

To be alerted about cloud share permission changes, your product plan must be licensed for at least one cloud service.

Alerts versus Activity Notifications

Like Activity Notification profiles, Alerts automatically notify you when files stored on an endpoint move to removable media (such as a USB drive) or to folders commonly used to sync to a cloud service. Unlike Activity Notification profiles, alerts can be reviewed directly within Code42 as well as emailed to multiple recipients for improved visibility into suspicious file activity. Alerts also provide enhanced visibility into other possible file exfiltration events:

  • Exposure on an endpoint alerts add the ability to be notified when files on an endpoint are read by a browser or app such as Slack, AirDrop, FTP client, or curl
  • Cloud share permission changes alerts notify you when a change to file permissions makes files publicly available in a cloud service
  • Was this article helpful?