Skip to main content
Contact Support

Who is this article for?

Incydr Professional, Enterprise, Gov F2, and Horizon
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.
Not an Incydr customer? For CrashPlan articles, search or browse.

Instructor, no.

Incydr Professional, Enterprise, Gov F2, and Horizon, yes.

Incydr Basic, Advanced, and Gov F1, yes.

CrashPlan Cloud, no.

Retired product plans, no.

CrashPlan for Small Business, no.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

All Users reference

  1. Last updated
  2. Save as PDF

Overview

The All Users list shows all of the users in your Code42 environment sorted on the highest number of critical-severity file events, then by high-severity file events. On this list, you can see the risk indicators associated with a user's file events and see more details about their most recent file activity.

Considerations

  • Add trusted activity and data connections to focus your investigations on higher-risk file activity. Adding trust settings reduces noise by only showing untrusted file events in Incydr security event dashboards, user profiles, and alerts. All file activity is still visible in Forensic Search.

  • To use this functionality, Incydr users must be assigned specific roles. For more information, see Permissions for Incydr

Differences in file event counts
File events for Forensic Search and Alerts typically appear within 15 minutes of the file activity, while file events in the Risk Exposure dashboard and the User Profile may take up to an hour to appear. As a result, you may see that the file event counts in alert notifications and Forensic Search differ from the event counts in the Risk Exposure dashboard and the Departing Employees and High Risk Employees User Profiles.

All Users list

To access the All Users list:

  1. Sign in to the Code42 console.
  2. Select User Activity > All Users.
    The All Users list appears.
All Users functionality varies based on your product plan
The All Users list is only available if your product plan supports it. Depending on your product plan, you may instead see the User Activity page. For more information about User Activity, see User Activity and Activity Notifications reference.

All Users list

Item Description
a Trust settings Trust settings

Indicates trust settings are applied to this page, which filters your view to only show the riskiest activity. Click to learn more and to view your trust settings.


Code42 excludes trusted file activity from appearing on dashboards, detection lists, user profiles, and alerts. Trusted activity is the file activity that occurs on your trusted domains and IP addresses as well as your approved cloud destinations.
b Search Enter a Code42 username to find a specific employee's file activity.
c Risk settings

Click to open Risk settings, from which you can set the score of each risk indicator. Scores are used to calculate the severity of each file event. For more information about Risk settings, see Risk settings reference.

 

To edit risk settings, you must have the Insider Risk Admin or Insider Risk Analyst role. Users with the Insider Risk Read Only role can view risk settings, but not make changes.
d Selected time frame  Shows the time frame in which the file activity occurred. Click to change the time frame.
e Quick filters Click View users on any of the filters to only see employees in the list with file events of that severity. Click the "X" on a filter applied to the list to remove it.
f List of users  Shows all of the users in your Code42 environment sorted by the highest number of critical-severity file events, then by high-severity file events.

List of users

List of all users

Item Description
a User

Shows the name of employee that initiated the file activity, their department*, and title*. 

 

*Department and title are only shown if your Code42 environment uses provisioning.
b Critical events

Displays file events with an overall risk score of 9+

 

Risk scores are defined for individual risk indicators in Risk settings. For each file event, the score of each applicable risk indicator is added up to an overall risk score. The overall risk score determines the severity of each file event.

 

For more information about how risk scores are calculated and how risk scores applies to event severity, see Risk settings reference.
c High events

Displays file events with an overall risk score of 7-8

 

Risk scores are defined for individual risk indicators in Risk settings. For each file event, the score of each applicable risk indicator is added up to an overall risk score. The overall risk score determines the severity of each file event.

 

For more information about how risk scores are calculated and how risk scores applies to event severity, see Risk settings reference.
d Moderate events

Displays file events with an overall risk score of 4-6

 

Risk scores are defined for individual risk indicators in Risk settings. For each file event, the score of each applicable risk indicator is added up to an overall risk score. The overall risk score determines the severity of each file event.

 

For more information about how risk scores are calculated and how risk scores applies to event severity, see Risk settings reference.
e Low events

Displays file events with an overall risk score of 1-3

 

Risk scores are defined for individual risk indicators in Risk settings. For each file event, the score of each applicable risk indicator is added up to an overall risk score. The overall risk score determines the severity of each file event.

 

For more information about how risk scores are calculated and how risk scores applies to event severity, see Risk settings reference.
f Destination indicators

Risk indicator based on where a file is moved or uploaded.
g File indicators

Risk indicator based on the type of file, as determined by the file extension and file contents.
h User indicators

Risk indicator based on user behavior automatically detected by Incydr and inclusion in high risk user groups, such as departing employees.
i Notes Displays any notes added to the User Profile
j Filter

Click to filter the list by:
k Action menu Action menu

Click to select:

  • View profile: Opens the employee's User Profile where you can view their past file events.
  • View events in Forensic Search: Opens the employee's file events in Forensic Search where you can see greater detail about the file events. 
l View details View file event details Click to see more details about the user's file activity such as the filename and risk score of their critical and high file events. 

View details

From the list of users, click View event details View details to see more information about a user's file activity. 

View details about a user's file activity

Item Description
a Selected time frame

Shows the time frame the file activity occurred in.

 

Change the time frame in the upper-right corner of the Risk Exposure dashboard. Changing the time frame updates all the data you see on the Risk Exposure dashboard and User Profiles.
b User

Displays a summary of the employee's information, including:

  • Name
  • Department* 
  • Title*
  • Risk detection lists the employee has been added to
  • Notes that have been added to the employee's profile

*Displays this information if your Code42 environment uses provisioning. For more information, see Provision user attributes to Code42.
c

View profile View user profile

 Opens the User Profile for the employee.
d Notes Click Add notes to add more details to the user's profile. If notes already exist, click Edit Edit user profile notes to modify existing notes.
e Risk indicator events

Displays counts of each file event severity with associated risk indicators.

 

For more information about risk indicators, see Risk settings reference.
f Investigate in Forensic Search Investigate in Forensic Search Opens the events with risk indicators in Forensic Search. Learn more about using Forensic Search.
g Filter Click to show filters and then select risk indicator filters to filter the shown list of events. To remove a selected filter, click it again. 
h By risk score Click to show file events by risk score in descending order.
i By date observed Click to show file events by the date the event occurred with latest events on top.
j Filename/Details

Shows filename, risk indicators, risk score, and other details pertaining to the file event.

 

If the filename is shown as a blue hyperlink, you can download the file from this location. If the filename is not a blue hyperlink, you may be able to download the file in Forensic Search.

To view all file events, click Investigate in Forensic Search Investigate in Forensic Search.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Reference
    Available in CrashPlan Cloud
    No
    Available in other/on-premises product plans
    No
    Available in Incydr Basic and Advanced
    Yes
    Available in Incydr Pro, Enterprise, and Horizon
    Yes
    Available in Instructor
    No
    Available in CrashPlan for Small Business
    No
    Stage
    Draft
  2. Tags
    1. insider risk
    2. insider threat