Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Gov F2, and Horizon
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.
Not an Incydr customer? For CrashPlan articles, search or browse.

Instructor, no.

Incydr Professional, Enterprise, Gov F2, and Horizon, yes.

Incydr Basic, Advanced, and Gov F1, yes.

CrashPlan Cloud, no.

Retired product plans, no.

CrashPlan for Small Business, no.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Top users by critical activity reference

Overview

Top users by critical activity on the Risk Exposure dashboard shows a prioritized view of the users associated with the most critical and high severity file events. Top users by critical activity only shows events that occurred outside your trusted domains or in unapproved cloud destinations

The severity of file activity is defined by the risk scores you have set for various risk indicators in your Code42 environment. For more information about risk scores, see Risk settings reference

To see Top users by critical activity, sign in to the Code42 console and in the upper-left corner click Incydr. Click Incydr to return to the Risk Exposure dashboard at any time.

For more information about the Risk Exposure dashboard, see: 

Considerations

Top users by critical activity

Top users by critical activity

Item Description
a Selected time frame

Shows the time frame the file activity occurred in.

 

Changing the time frame updates all the data you see on the Risk Exposure dashboard and User Profiles.

b User

Displays a summary of the employee's information, including:

  • Name
  • Department* 
  • Title*
  • Watchlists the employee has been added to

*Displays this information if your Code42 environment uses provisioning. For more information, see Provision user attributes to Code42.

 

Click the user's name to open their User profile.

c

Critical events

Displays file events with an overall risk score of 9+. 

 

Risk scores are defined for individual risk indicators in Risk settings. For each file event, the score of each applicable risk indicator is added up to an overall risk score. The overall risk score determines the severity of each file event.

 

For more information about how risk scores are calculated and how risk scores applies to event severity, see Risk settings reference.

d High events

Displays file events with an overall risk score of 6-9. 

 

Risk scores are defined for individual risk indicators in Risk settings. For each file event, the score of each applicable risk indicator is added up to an overall risk score. The overall risk score determines the severity of each file event.

 

For more information about how risk scores are calculated and how risk scores applies to event severity, see Risk settings reference.

e Risk indicators

Shows the added risks that apply to a user's file events. For more information about risk indicators and their related risk scores, see Risk settings reference.

 

Risk indicators are listed in the following order:

  1. Destination risk indicators, alphabetically
  2. File risk indicators, alphabetically
  3. User risk indicators, alphabetically
f View details View event details Click to see more details about the file activity. 
g Watchlist badge Indicates if the employee is on a watchlist for closer monitoring and shows the name of the watchlist.
h View all users Click to see a list of all users in your Code42 environment.

View details

From Top users by critical activity, click View details to see more information about the user's file activity. 

View details about a user's file activity

Item Description
a Selected time frame

Shows the time frame the file activity occurred in. Change the time frame in the upper-right corner of the screen. 

b Actions

Do one of the following:

  • Click and select Add to watchlists to add the user to one or more watchlists for closer monitoring.
  • Click and select a custom action.
    • Incydr Flows connect other systems or workflows to Code42. These integrations can add contextual information about users and orchestrate response controls.
    • Custom actions are only available if your organization has worked with Code42 Professional Services to set up Incydr Flows and if you have the correct role.
Visibility of actions
You are only shown actions that you are allowed to access based on your Incydr role and your organization's product plan. For example: 

To add users to watchlists, you must have the Insider Risk Admin role, the Departing Employee Manager role (for the Departing watchlist), or the High Risk Manager role (for all other watchlists). For more information about adding users to watchlists see Manage watchlists.

To access Incydr Flows you must have the Insider Risk Respond role. For more information about Flows, see Introduction to Incydr Flows
c User

Displays a summary of the employee's information, including:

  • Name
  • Department* 
  • Title*
  • Watchlists the employee has been added to

*Displays this information if your Code42 environment uses provisioning. For more information, see Provision user attributes to Code42.

d

View profile View user profile

Opens the User Profile for the employee.
e Notes

Do one of the following:

  • Click Add Click to add notes to add more details to the user's profile.
  • Click Edit Edit user profile notes to modify existing notes.

Notes are limited to 1000 characters.

f Risk indicator events

Displays counts of each file event severity with associated risk indicators.

 

For more information about risk indicators, see Risk settings reference.

g Investigate in Forensic Search Investigate in Forensic Search Click to see more details about the file events in Forensic Search. Learn more about using Forensic Search.
h Filter Click to show filters that allow you to filter the list of events based on risk indicator or watchlist. To remove a selected filter, click it again. 
i By risk score Click to show file events by risk score in descending order.
j By date observed Click to show file events by the date the event occurred with latest events on top.
k View details Click to view details Click to view details about the file event. For detailed descriptions of each field, see File event metadata.
l Filename/Details

Shows filename, risk indicators, risk score, and other details pertaining to the file event.

 

If the filename is shown as a blue hyperlink, you can download the file from this location. If the filename is not a blue hyperlink, you may be able to download the file in Forensic Search.

To view all file events with more detail, click Investigate in Forensic Search Investigate in Forensic Search.

  • Was this article helpful?