Risk Exposure dashboard reference
The Risk Exposure dashboard provides a look into the different types of file activity occurring across your Code42 environment, including employees placed on watchlists and those that have the most critical file activity. Use this dashboard to quickly identify when unusual activity is happening so that you can investigate further.
This article provides an overview of the Risk Exposure dashboard and links to learn more about each of the major areas.
Add trusted activity and data connections to focus your investigations on higher-risk file activity. Adding trust settings allows Incydr to show only untrusted file events on security event dashboards, user profiles, and alerts, reducing your total file event volume. All file activity is still visible in Forensic Search.
To use this functionality, Incydr users must be assigned specific roles. For more information, see Permissions for Incydr.
- Feature visibility:
This functionality is available only when supported by your product plan. Contact your Customer Success Manager (CSM) for assistance with licensing, or to upgrade to an Incydr product plan. If you do not know your CSM, please contact our Technical Support Engineers.
You must connect Code42 to at least one corporate business, cloud storage, or email service to see this download, file sharing, or attachment activity.
To edit risk settings, you must have the Insider Risk Admin or Insider Risk Analyst role. Users with the Insider Risk Read Only role can view risk settings, but not make changes.
Visibility of Incydr data is not limited by your Code42 organization hierarchy. Users with roles that allow access to Incydr features can view insider risk data for users in all organizations.
File events for Forensic Search and Alerts typically appear within 15 minutes of the file activity, while file events in the security event dashboards, All users list, watchlists, and the User Profile may take up to an hour to appear. As a result, you may see that the file event counts in alert notifications and Forensic Search differ from the event counts elsewhere. For more information about how long it takes for events to show up in Incydr, see Expected time ranges for events to appear.
The Risk Exposure dashboard
To view, sign in to the Code42 console. Click the logo in the upper-left or select Dashboards > Risk Exposure to return to the Risk Exposure dashboard at any time.
Click any of the links below for more information about that corresponding area:
- Trust activity: Code42 excludes trusted file activity as defined by your trust settings and any cloud data connections monitored by Code42
- Risk settings: Displays all risk indicators and associated scores.
- Selected time frame: The time period the file activity occurred in
- Organization summary: Shows the number of open alerts, users with critical events, users leaving your company today, and cases details. Click View on any of the tiles to see more information.
- Top users by critical activity: List of users with the most critical file activity across your Code42 environment
- Watchlists: Groups of users monitored more closely due to potentially higher data risks
- Source risk indicator activity: All of the events that occurred across your organization where a file came from a source likely to contain company data
- Destination risk indicator activity: All of the file events that occurred across your organization by destination risk indicator
- File risk indicator activity: All of the file events that occurred across your organization by file category group