Watchlists reference
Overview
Employees whose roles, behaviors, and access increase risk to the company can be monitored more closely for concerning file activity with watchlists. Protect data by monitoring high-risk employees such as those who:
- Are about to leave the company or have just joined the company and may not be aware of your security practices.
- Have privileged system access or access to intellectual property and other confidential data.
- Seem dissatisfied with their jobs (for example, were turned down for a promotion or have teammate conflicts) or have raised concerns about their performance (from a negative review, demotion, or a performance improvement plan).
- Work remotely, travel frequently and work on a variety of networks, or are temporary contractors.
- Have poor security awareness as shown by consistently falling for phishing tests, failing security training, or using unsanctioned tools in their jobs.
For more information about how to create or edit a watchlist and how to use watchlists to monitor risky activity in your Code42 environment, see Manage watchlists.
Considerations
Watchlists
Item | Description | |
---|---|---|
a | Navigation pane | Click the expand |
b | Actions | Shows summary information about the watchlist and provides options to modify it. |
c | List of users | Shows all of the users on the currently selected watchlist, sorted by the highest number of critical-severity file events, then by high-severity file events. |
Navigation pane
Item | Description | |
---|---|---|
a | Expand | Click the expand or collapse button to show and hide the watchlists that have been created. |
b | Add new | Click to create a new watchlist. If you have created all the recommended watchlists and reached the limit of 25 custom watchlists, the Add new button is not visible. |
c | Watchlists | Lists the existing watchlists. Click a watchlist name to see the users on that list and their file activity. |
d | Users with critical file activity | Shows how many users on that watchlist have critical file activity. Click a watchlist name to see the users on that list and those with critical file activity. |
Actions
Item | Description | |
---|---|---|
a | Risk indicator | For the Departing watchlist only, identifies the risk indicator and point value that is added to the file events of any user on this watchlist. For more information about risk indicators and how they work, see Risk settings reference. |
b | Trust settings | |
c | Search | Enter a Code42 username to find file activity for a specific employee on the current watchlist. This searches across your entire Code42 environment and includes deactivated users. |
d | Selected time frame | Shows the time frame in which the file activity occurred. Click to change the time frame. |
e | Add alerts / Edit alerts / View alerts | Click to add or remove alerts from the watchlist. Click View alerts to see the alerts set up for that watchlist. (If you see View alerts, you do not have the necessary permissions to edit alerts.) |
f | Add users / Edit users | Click to add users or remove users from the watchlist. |
g | Actions | Delete watchlist: Any users and alerts assigned to the watchlist are removed from the watchlist. Edit title and description (custom watchlists only): Click to change the watchlist name or its description. |
h | Quick filters | Click View users on any of the filters to only see employees in the list with file events of that severity. |
List of users
View details
From the list of users, click View event details to see more information about a user's file activity.