Departing employee risk report reference
The departing employee risk report shows you a summary of risky activity an employee on the Departing watchlist has had in the last 90 days. In the report, you can see a summary of the alerts the user has triggered, the number of cases they were involved in, how many critical events they've caused, and how many events they have that correspond to the most common exfiltration scenarios for departing employees. Use the report to make your offboarding triage tasks more streamlined and consistent.
To use this functionality, Incydr users must be assigned specific roles. For more information, see Permissions for Incydr.
This functionality is available only when supported by your product plan. Contact your Customer Success Manager (CSM) for assistance with licensing, or to upgrade to an Incydr product plan. If you do not know your CSM, please contact our Technical Support Engineers.
Departing employee risk report
To open the report:
- Go to User Activity > Watchlists.
- Select the Departing watchlist.
- Find the user and click Risk report.
The risk report slides in from the right.
|a||Export events||Click to send all of the employee's critical events for the past 90 days to a CSV file.|
Displays a summary of the employee's information, including:
*Displays this information if your Code42 environment uses provisioning. For more information, see Provision user attributes to Code42.
|c||View profile||Click to see the employee's User profile.|
Do one of the following:
Notes are limited to 1000 characters.
Shows how many cases exist for the user, the number of alerts they've triggered, and how many critical events they've had in the past 90 days.
Note: The case and alert counts are not visible if you do not have the appropriate permissions.
|f||Risk indicators||Shows the user's top risk indicators sorted by the number of the user's critical events.|
|g||View critical events||Click to see the user's critical events in Forensic Search.|
|h||Common risk scenarios in the last 90 days||
Shows the top risk scenarios for departing employees and the user's file event counts for each scenario.
The same risk scenarios are always shown, and do not change based on the user's file activity. To see the user's most active file activity by risk indicator, see the Risk indicators section of the report.