Watchlists reference
Overview
Employees whose roles, behaviors, and access increase risk to the company can be monitored more closely for concerning file activity with watchlists. Protect data by monitoring high-risk employees such as those who:
- Are about to leave the company or have just joined the company and may not be aware of your security practices.
- Have privileged system access or access to intellectual property and other confidential data.
- Seem dissatisfied with their jobs (for example, were turned down for a promotion or have teammate conflicts) or have raised concerns about their performance (from a negative review, demotion, or a performance improvement plan).
- Work remotely, travel frequently and work on a variety of networks, or are temporary contractors.
- Have poor security awareness as shown by consistently falling for phishing tests, failing security training, or using unsanctioned tools in their jobs.
For more information about how to create or edit a watchlist and how to use them to monitor risky activity in your Code42 environment, see Manage watchlists.
Considerations
Watchlists
To access watchlists:
- Sign in to the Code42 console.
- Go to User Activity > Watchlists.
Item | Description | |
---|---|---|
a | Trust settings | |
b | Selected time frame | Shows the time frame in which the file activity occurred. Click to change the time frame |
c | Create watchlist |
Click to create a new watchlist. |
d | Departing watchlist |
Shows the number of users on the Departing watchlist with departure dates and when they are leaving |
e | Watchlist recommendations |
Shows the watchlists that are recommended by Code42 |
f | All watchlists |
Shows all of the watchlists that exist in your Code42 environment as well as the number of users on the list, how many users have critical events, how the users were assigned to the list (groups or individual additions), and risk indicators.
|
Watchlist details
Item | Description | |
---|---|---|
a |
Identifies the risk indicator and point value that is added to the file events of any user on this watchlist.
For more information about risk indicators and how they work, see Risk settings reference. |
|
b | Trust settings | |
c | Search | Enter a Code42 username to find file activity for a specific employee on the current watchlist. This searches across your entire Code42 environment and includes deactivated users. |
d | Selected time frame | Shows the time frame in which the file activity occurred. Click to change the time frame. |
e | Edit alerts | Click to see and modify the alerts currently used for the watchlist. |
f | Edit users |
Click to add users or remove users from the watchlist:
|
g | Action menu |
Edit title and description: Click to change the watchlist name or its description.
Delete watchlist: Any users and alerts assigned to the watchlist are removed from the watchlist.
|
h | Watchlist settings |
Shows the following:
Click Edit |
i |
Departures (Departing watchlist only) |
For the Departing watchlist, shows upcoming departures and the number of users leaving today with critical events. |
j | User activity by severity | Shows the number of users with file events of each level of severity. Click a severity to see the list of users filtered to show those users with file events of that severity. |
k | List of users | Shows all of the users in your Code42 environment sorted by the highest number of critical-severity file events, then by high-severity file events. |
List of users
View details
From the list of users, click View event details to see more information about a user's file activity.