Who is this article for?
Incydr Professional, Enterprise, Horizon, and Gov F2, yes.
Incydr Basic, Advanced, and Gov F1, yes.
Detect and respond to insider risks
Our step-by-step guide to capture, review, and respond to suspicious file activity.
Set up and configure
Learn best practices to get Incydr up and running at your organization.
Enable file endpoint data collection
Update settings to identify the exfiltration vectors you want to monitor for risky activity.
Customize security alert criteria
Define criteria and thresholds to generate automatic notifications about data exfiltration.
Add cloud and email services monitoring
Grant Code42 permission to monitor your cloud and email services for risky activity.
Reduce noise with data preferences
To focus Code42 security event reporting on higher-risk file activity, define domains and IP addresses you trust.
Detect - Investigate - Respond
Review unusual file activity
Learn how to identify and investigate risk exposure across your entire organization with these step-by-step use cases.
Use Forensic Search for in-depth investigations
Forensic Search is a powerful search interface for investigating file activity on endpoints, removable media, cloud services, and email attachments.
Secure data throughout employee tenure
Quickly identify suspicious file activity on endpoints and in cloud services for departing employees and other higher-risk users.
Manage security investigations with Cases
Collect, organize, and retain user file activity with Cases.
Top articles for setup and management
Insider risk setup
Learn how Code42 monitors file activity to help you detect, investigate, and respond to insider risk.
Assign roles to users to give them permissions to perform tasks.
Users and organizations
Manage user provisioning, authentication (SSO), watch lists, and your organizational hierarchy.
Collection of administrative resources for deploying, managing, and troubleshooting user devices (also known as "agents," "endpoints, or "computers").
Manage your Code42 subscriptions.
Code42 cloud data retention and cold storage policies
Identify how long your data is retained in the Code42 cloud when users, devices, and organizations are deactivated, or if you do not renew your contract with Code42.
Monitor your environment health
Review device status reports, subscription usage, progress of cloud data sources ingest, and more. Learn how to identify and fix any problems.
View guides for testing network connections, managing device bandwidth to the Code42 cloud, configuring firewalls, and more.
Reduce security event and alert noise
Learn how to greatly reduce false positives by pre-defining domains and IP addresses you trust.
More troubleshooting topics
Browse all administrative troubleshooting articles.
APIs and SDK
Introduction to the Code42 API
Learn how to use the Code42 API to create custom reports, perform automated actions, or integrate with existing systems within your organization.
Search file activity using the Forensic Search API
Perform complicated or customized searches to monitor and investigate suspicious file activity using the Code42 API.
Manage detection list users with the Code42 API
Automate the process of managing users in the Departing Employees list and High Risk Employees list using the Code42 API.
Manage security alerts with the Code42 API
Automate the process of viewing alert notifications, adding notes, or opening or dismissing alert notifications using the Code42 API.
Introduction to py42, the Code42 Python SDK
Use py42 to develop your own Python applications for working with Code42 data while avoiding the overhead of session or authentication management.
Code42 command-line interface
Introduction to the Code42 command-line interface
Get started using the Code42 CLI to interact with your Code42 environment without using the Code42 console or making API calls directly.
SOAR, SIEM, and other tools
Install and manage the Code42 app for Cortex XSOAR
Integrate Code42 with Cortex XSOAR to view and search Code42 data and manage Code42 departing employees within XSOAR.
Install and manage Code42 for IBM Resilient
Set up Code42 for IBM Resilient to investigate departing employees and find known malicious files.
Integrate Code42 with Sumo Logic
Automatically import file exfiltration event data from Code42 into Sumo Logic using the Code42 command-line interface (CLI).
Install and manage the Code42 Insider Threat app for Splunk
Set up the Code42 Insider Threat app for Splunk to visualize Code42 data in Splunk dashboards.
Install and manage the Code42 app for Splunk Phantom
Set up the Code42 app for Splunk Phantom to start running Code42 actions, for example on users and devices, or to search file activity.
More articles about integrating with Code42
For more information about how to set up and manage integrations, see Code42 integrations resources.