Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.
Not an Incydr customer? For CrashPlan articles, search or browse.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

CrashPlan Cloud, no.

Retired product plans, no.

CrashPlan for Small Business, no.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Trusted activity

Overview

Use the Data Preferences settings for Trusted activity to define domains, URLs, Slack workspaces, and cloud accounts you trust.

Adding trusted activity prevents file activity in these locations from appearing on dashboards, user profiles, and alerts. However, trusted file activity is still captured and searchable in Forensic Search.

Considerations

To use this functionality, your role must have permissions to view and modify data preferences.

How it works

  • File events are considered trusted when an entry in your list of trusted activity matches file event metadata for the Active tab titles and URLs and Destination > User fields. 
  • If there is more than one domain associated with an event, all domains must be included in your list of trusted domains for the event to be trusted. If any domain associated with event is not in your list of trusted domains, the event is not trusted.
  • Trusted file activity is excluded from:

Configure trusted activity

To access trusted activity settings:

  1. Sign in to the Code42 console.
  2. Navigate to Administration > Environment > Data Preferences.
  3. Select the Trusted activity tab.

Trusted activity list

Item Description
a Add trusted activity

Click to add trusted activity and select a type:

 

Domain

Trusts a wide variety of activity across an entire domain, including files uploaded via a web browser, sent from cloud sync apps installed on user devices, and shared via cloud or email services monitored by Incydr. See Domain below for complete details.

 

Specific URL path

Trusts browser uploads to only part of a domain. For example, adding the URL path github.com/company trusts uploads only to the "company" repository and not to all of github.com. See Specific URL path below for complete details.

 

Slack workspace

Trusts files uploaded in a specific Slack workspace. See Slack workspace below for complete details.

 

Account name
OneDrive and Dropbox only
For cloud sync apps installed on user devices, trusts activity in a specific account. For example, specifying the name of your corporate account enables you to trust that activity, without trusting activity in personal accounts. See Account name below for complete details.

b Trusted activity The location of activity to be trusted.
c Applies to

Indicates if the entry applies to a Domain, Specific URL path, or Slack workspace.

d Description An optional field to provide additional context or details.
e Last modified

Indicates the time this entry was last modified and the user who made the change. File activity is trusted starting the date it is added to this list. Previous file activity is considered untrusted.

 

To see what changed, review the Audit Log and filter for Domain changed, Slack Workspace changed, or URL changed events.

f Edit Click to edit the trusted activity value and/or the description.
g Actions Click to delete this entry.

Domain

Adding trusted activity for a domain gives you the option to trust a wide variety of activity across the domain, including files uploaded via a web browser, sent from cloud sync apps installed on user devices, and shared via cloud or email services monitored by Incydr.

Maintain confidentiality for users reporting misconduct
If your organization has established processes for users to report unethical behavior, harassment, discrimination, or other types of misconduct, consider adding the associated URLs to your list of trusted domains. For example, adding report-misconduct.example.com would prevent file activity on that domain from appearing on Code42 dashboards, user profiles, and alerts.

Add trusted domain

Watch the video below for an overview of how to define a trusted domain. For more videos, visit the Code42 University.

Syntax and formatting requirements
  • Do not include https:// .
  • Including www is optional. The www prefix is ignored when evaluating trust.
  • Only the domain is evaluated for trust. The protocol (https://) and characters after the top-level domain (TLD) are ignored. For example, for file activity on https://subdomain.corp.example.com/pages, only subdomain.corp.example.com is evaluated for trust.
  • For email activity, a value of example.com trusts activity from all users with email addresses on the example.com domain. Trusting specific email addresses is not supported.
  • Optionally, use the asterisk (*) character as a wildcard for partial domain names. For example, enter *.example.com to trust all subdomains of example.com. See more guidance and warnings about wildcards below.
  • Review the Recommendations and Examples tabs on the add/edit screen for additional guidance.

Trusted scope

The Trusted scope settings enable you to define more specific criteria for which activity on a domain is trusted. Select one or more options:

  • Files uploaded to this domain via a web browser: Activity is trusted if the domain is included in the browser URL or tab title. 
  • Files synced to cloud storage by desktop apps: Activity is trusted if the username signed in to the cloud sync app is on the domain. Click Edit to adjust which specific apps are trusted.  
  • Files shared from a cloud storage service monitored by Incydr: Activity is trusted if the user it's shared with is on this domain. Click Edit to define which cloud storage services are trusted. 
  • Files shared from an email service monitored by Incydr: Activity is trusted if the email recipient is on the domain. Click Edit to choose which email services are trusted.
Editing trusted scope details
Clicking the Edit link enables you to better identify risk in unmonitored locations. For example, if your company's only approved cloud storage solution is OneDrive, deselect Box and iCloud to define that activity as untrusted, even if the email address signed in to the account is on your domain.

Wildcards

Use wildcards carefully to minimize risk
Using a wildcard character may lead to unintentionally trusting unknown or malicious domains.

A trusted domain value of example* trusts not only example.com, but also any domain starting with example, such as example.fake.com, examplenotyourrealdomain.com, and example.info.

To trust both a parent domain and all subdomains, do not use an overly inclusive wildcard value, such as *example.com. Instead, add these two values to minimize risk:

  • example.com
  • *.example.com

Since the first entry does not include a wildcard, it only trusts activity that matches the example.com domain exactly. In the second entry, including a period (.) after the wildcard ensures only subdomains of your legitimate domain are trusted.

Specific URL path

Specific URL path entries trust activity for only part of a domain. For example, adding the URL path github.com/company trusts uploads only to the "company" repository and not to all of github.com.

  • The combination of domain and path define trusted activity.
  • All sub-directories of a path are also trusted. For example, an entry of github.com/company also trusts uploads to github.com/company/repository.
  • The path portion of the URL can contain wildcards (*), but the domain cannot include wildcards.
  • Do not include the protocol or query parameters. They are ignored when evaluating trust.

Example of URL structure showing the protocol, domain, path, and parameters. Only the domain and path sections of the URL are evaluated. The protocol characters at the beginning, such as “https://“, and query parameters at the end following a ? are ignored. For example, in the URL https://github.com/company/respository/commit/abc?branch=123, only the domain and path of github.com/company/respository/commit/abc are evaluated.

Watch the video below for an overview of how to define a trusted specific URL path. For more videos, visit the Code42 University.

Slack workspace

Trusting only specific Slack workspaces enables you to better identify risk in external Slack workspaces you don't control. For example, adding your corporate Slack workspace trusts file activity only within that workspace. Files shared in other workspaces are not trusted.

  • Only enter the workspace name (for example, "Acme Co."). Do not enter the entire workspace URL.
  • Wildcards are not supported in workspace names. If you include the * character, it is evaluated as part of the workspace name.

Watch the video below for an overview of how to define a trusted Slack workspace. For more videos, visit the Code42 University.

Account name

OneDrive and Dropbox only

Add your corporate cloud account name to trust file activity only within that account. This helps you better identify risk in personal accounts you don't control.

OneDrive

To trust a OneDrive account:

  1. On a user device, find the OneDrive sync folder for the corporate account you trust. For help locating this folder, visit Microsoft Support.
  2. In the Code42 console:
    1. From the list of cloud services to trust, select OneDrive.
    2. Enter the complete folder name in the Account name field. For example, OneDrive - Acme Co.
    3. Click Save.
Dropbox

To trust a Dropbox account:

  1. Sign in to dropbox.com with your administrator credentials.
  2. Select Admin console > Settings > Team profile. Note the Display name.
  3. In the Code42 console:
    1. From the list of cloud services to trust, select Dropbox.
    2. In the Account name field, enter the Display name plus the word "Dropbox." For example, if your Display name is "Acme Co," enter "Acme Co Dropbox".
    3. Click Save.

Trusted activity - Account name

Account name considerations
  • For OneDrive, trust is only evaluated for OneDrive for Business accounts. Personal accounts cannot be trusted.
  • For OneDrive, the sync folder name on user devices is determined by the name in your Microsoft console at the time the sync folder was created. Therefore, if your Microsoft account name has ever changed, you may have devices with different sync folder names. Add a separate trusted activity entry for each unique sync folder name in your environment.
  • Wildcards are not supported in account names. If you include the * character, it is evaluated as part of the account name.
  • Incydr Professional, Enterprise, Horizon, and Gov F2 require Code42 app version 1.5.0 or later for OneDrive and version 1.6.0 or later for Dropbox.
  • Incydr Basic, Advanced, and Gov F1 require Code42 app version 10.3.0 or later.

Trusted domain examples

The table below provides examples of whether file activity is trusted based on the combination of the trusted domain entry and where the file activity occurred.

  • Yes = Activity on this domain is trusted for the supplied trusted domain entry
  • No = Activity on this domain is not trusted for the supplied trusted domain entry                                                            
  Trusted domain entry
   <<<   More secure                                                                                    Less secure  >>>
Activity on: example.com *.example.com example *example.com example* *example*
www.example.com Yes No No Yes Yes Yes
https://subdomain.example.com No Yes No Yes No Yes
www.not-example.com No No No Yes No Yes
www.example.fake.com No No No No Yes Yes
first.last@example.com Yes No No Yes Yes Yes
  • Was this article helpful?