Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Gov F2, and Horizon
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.
Not an Incydr customer? For CrashPlan articles, search or browse.

Instructor, no.

Incydr Professional, Enterprise, Gov F2, and Horizon, yes.

Incydr Basic, Advanced, and Gov F1, yes.

CrashPlan Cloud, no.

Retired product plans, no.

CrashPlan for Small Business, no.

Code42 Support

Review unusual file activity with the Risk Exposure dashboard


The Risk Exposure dashboard shows file activity from throughout your entire Code42 environment to help you catch data exposure or loss as soon as possible. This article gives examples of what you can do to investigate unusual activity that may appear on this dashboard. 

Use the Risk Exposure dashboard to see when: 

  • High risk or departing employees are putting data at risk
  • Any employee in your organization is moving a lot of files
  • File activity occurs on out-of-network IP addresses
  • Files are added to unsanctioned cloud services 
  • Files are shared publicly via direct link
  • Files are copied to removable media or read by a browser or other app
Investigate before responding
Incydr identifies potential risks, and file event metadata is just one piece of information that contributes to an investigation. Use data from Incydr as a starting point to determine if the activity is a legitimate threat.


Differences in file event counts
File events for Forensic Search and Alerts typically appear within 15 minutes of the file activity, while file events in the security event dashboards, All users list, watchlists, and the User Profile may take up to an hour to appear. As a result, you may see that the file event counts in alert notifications and Forensic Search differ from the event counts elsewhere. For more information about how long it takes for events to show up in Incydr, see Expected time ranges for events to appear.

Example use cases 

From the Risk Exposure dashboard, you can quickly assess how many file events are happening from your departing and high risk employees as well as across your entire organization. 

Expand a section below to see an example scenario and procedure of how to use the Risk Exposure. 

Review the recent file activity of a high risk or departing employee

Review the file activity of your most active users

Review file activity occurring on unsanctioned cloud services

Review files saved to removable media

Review files moved to a source code repository

Review files made publicly available in a cloud service

Review files sent from your corporate email

  • Was this article helpful?