Who is this article for?

CrashPlan Cloud
CrashPlan for Small Business

Find your product plan in the Code42 console on the Account menu.
Not a CrashPlan Cloud customer? Search or browse CrashPlan for Small Business or Incydr and Instructor.

Instructor, no.

Incydr Professional, Enterprise, Gov F2, and Horizon, no.

Incydr Basic, Advanced, and Gov F1, no.

CrashPlan Cloud, yes.

Retired product plans, yes.

CrashPlan for Small Business, no.

Audit Log for CrashPlan

Overview

The Code42 Audit Log provides a record of who did what and when in the Code42 environment. This article provides detailed descriptions of each item in the Audit Log in the Code42 console. Some uses of the Audit Log include: 

  • Determine how the Code42 environment ended up in its current state.
  • Spot check others' work to prevent abuse of privileged access.
  • Identify areas of training for users that caused inadvertent changes.

Use the Audit Log APIs to export results

The Audit Log in the Code42 console allows you to quickly search events and export the results to a comma-separated values (CSV) file. This is helpful for quick spot checks, but if you need to export events to your internal security team tools, use the Code42 API instead. See Search Audit Log events with the CrashPlan API.

Considerations

  • You must have the Audit Log Viewer role to view events in the Audit Log.
  • The Audit Log records events for the last 90 days. If you want to maintain Audit Log output for longer than 90 days, export the results to your own systems for storage.
  • While there is no limit to the number of events recorded in Audit Log, you can export only a maximum of 100,000 events at once. To work around this limitation, see Troubleshooting.
  • Events that are recorded in the Audit Log can originate from actions taken in the Code42 console, Code42 APIs, an integration with Code42, or an external user provisioning system.
  • Event results are returned within five minutes of the event occurrence. Although event results of different event types are returned at different intervals, they are always listed in the order they occurred.
  • In addition to searching Audit Log events using APIs, you can also use py42 to query the Audit Log.

Audit Log in the Code42 console

To view the Audit Log:

  1. Sign in to the Code42 console.
  2. Select Administration > Status > Audit Log.

Item: Description
a Export: Export the filtered events to a comma-separated values (CSV) file.
b Filter: Filter the events by the criteria you select.
c Filtered by: The filters that are currently applied to the Audit Log events. Click the X to remove that filter. Remove all filters to view all events.
d Username: The Code42 username associated with the event.
e Event type: The event type logged.
f Date observed: Date and time the event occurred. The time is reported in Coordinated Universal Time (UTC).
g IP address: Public IP address involved in the event.
h View detail: Click to view event details. Includes event type, date observed, and device details.

Filter

To filter the events listed in the Audit Log, click Filter and select the criteria to use. When you click Apply, events that match all filters appear in the list.

Item: Description
a Username: Returns events triggered by a specific Code42 user. Use commas to separate multiple usernames.
b User type: The type of user to search for:

  • User
    Select to search for events triggered by a Code42 user.
  • Code42 support user
    Select to search for events triggered by a Code42 support user. Code42 support users are Customer Champions given support access to your Code42 environment to perform investigation and adjust settings as needed. By default, the Code42 support user's name is marvin@code42.com. The Code42 support user can create additional users that appear in the Audit Log. To find those users, you can filter on the user type Code42 support user and then filter on the Add user event type.
  • API client
    Select to search for events triggered by an API client.
c Date range: Filters the list by the selected date range. Select Custom to enter start and end dates to use to filter events. You can also select All dates to view all events that have been logged.

d Event type: Filters results by event types. All events filters by all available event types.

Event types are organized into categories. Select All events in a category to filter by all available event types in that category.

See the Event types section below for a description of each event type.

  • Administration
    • All events
    • Code42 support user access disabled
    • Code42 support user access enabled
    • Risk setting changed
    • Risk setting created
  • Alerts*
  • API Clients
    • All events
    • API client created
    • API client deleted
    • API client description changed
    • API client name changed
    • API client permissions assigned
    • API client permissions revoked
    • API client secret reset
  • Authorization
    • All events
    • Console login
  • Cases*
  • Data Preferences*
  • File access
    • All events
    • File download*
    • File download: IO error*
    • Path purged
    • Restore ended
    • Restore started
    • ZIP file downloaded
  • Forensic Searches*
  • Identity and access management 
    • Federation created
    • Federation deleted
    • Federation metadata updated
    • Federation updated
    • Identity provider assigned to org
    • Identity provider created
    • Identity provider deleted
    • Identity provider metadata updated
    • Identity provider removed from org
    • Identity provider updated
    • SCIM provisioner configuration updated
    • SCIM provisioner created
    • SCIM provisioner credentials changed
    • SCIM provisioner deleted
  • User updates
    • All events
    • Activate user
    • Add user
    • Deactivate user
    • Email change
    • External attributes change
    • External reference change
    • Local auth only change
    • Name change
    • User roles assigned
    • User roles revoked
    • Username change
  • Watchlists* 

* Available only in Incydr product plans.

e IP address: Filters the events by a specific public IP address involved in the event. Use commas to separate multiple IP addresses.
f Cancel / Apply: Click Apply to apply the selected filter criteria to the list and display only the events that match those criteria. To return to the list without applying any filters, click Cancel.

Export

Click Export to export the filtered events in the Audit Log to a comma-separated values (CSV) file. Any filters that are applied are shown above the Audit Log list. Click the X on a filter to remove that filter from the exported results.

In addition to exporting events to CSV in the Code42 console, you can also export events with the Code42 API. See Search Audit Log events with the CrashPlan API.
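
One way to run the privileged-access spot check described in the Overview against an exported CSV, added here as an example (it is not Code42 code). It flags privileged event types from unfamiliar IP addresses, bursts of privileged changes by one user, and accounts added by the Code42 support user. The column names, timestamp format, sample rows, and the function names parse_export and spot_check are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Event types from this page's filter list that change who can access the
# environment. Which ones count as "privileged" is this example's choice.
PRIVILEGED = {
    "Add user", "User roles assigned", "Local auth only change",
    "API client created", "API client permissions assigned",
    "API client secret reset", "Code42 support user access enabled",
    "Identity provider updated", "SCIM provisioner credentials changed",
}
SUPPORT_USER = "marvin@code42.com"  # default support username per this page

# Constructed sample export. Column names and the timestamp format are
# assumptions; compare them with the header row of a real export.
SAMPLE_CSV = """Username,Event type,Date observed,IP address
alice@example.com,Console login,2024-03-01T09:00:00Z,198.51.100.10
alice@example.com,User roles assigned,2024-03-01T09:02:00Z,198.51.100.10
bob@example.com,API client created,2024-03-02T22:10:00Z,203.0.113.77
bob@example.com,API client permissions assigned,2024-03-02T22:11:00Z,203.0.113.77
bob@example.com,API client secret reset,2024-03-02T22:14:00Z,203.0.113.77
marvin@code42.com,Add user,2024-03-03T14:00:00Z,192.0.2.5
"""

def parse_export(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:  # timestamps are UTC, as the console reports them
        row["ts"] = datetime.fromisoformat(row["Date observed"].replace("Z", "+00:00"))
    return sorted(rows, key=lambda row: row["ts"])

def spot_check(rows, known_ips, window=timedelta(minutes=10), burst=3):
    findings, recent = [], defaultdict(list)
    for row in rows:
        user, event, ts = row["Username"], row["Event type"], row["ts"]
        if event not in PRIVILEGED:
            continue
        if user == SUPPORT_USER and event == "Add user":
            findings.append(("support_user_added_account", user, event))
        elif row["IP address"] not in known_ips:
            findings.append(("unknown_ip", user, event))
        # Keep only this user's privileged events inside the sliding window.
        recent[user] = [t for t in recent[user] if ts - t <= window] + [ts]
        if len(recent[user]) == burst:
            findings.append(("privileged_burst", user, event))
    return findings

if __name__ == "__main__":
    print(spot_check(parse_export(SAMPLE_CSV), known_ips={"198.51.100.10"}))
```

Because the Audit Log keeps only the last 90 days, run a check like this on each export before archiving it to your own storage.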

Event details

For any event listed in the Audit Log, click View details to see more information about the event.

Following are the fields that can appear in event details.

Event

User

Additional event details

Event types

Troubleshooting
