1. Code42 Support
  2. Incydr
  3. Incydr administration

Administrator resources glossary

Updated

Overview

This article contains a list of administrator-related Incydr terms and definitions.

Some terms only apply to specific Incydr products or features
If you are unsure if a term applies to you, see Incydr product plans.

Definitions

Account password

The default encryption key option for backup archives, which requires the user's account password to access and restore backed up files. See archive key password and secured key for additional encryption key options.

Administration console

See Incydr console.

Adopt

See replace device.

Alert rules

Alert rules provide a flexible framework for defining and notifying security analysts about the known file exfiltration risks for your organization. Alert rules can also be configured to automatically send targeted, timely educational content to users in response to risky activity.

Archive

An archive contains backed-up data for a single device. Each archive is securely encrypted using an archive encryption key.

Archive key password

The password supplied when you enable the archive key password option for your archive’s encryption. If you enable this option, you must supply the archive key password to restore your files. See also account password and secured key.

Archive maintenance

A task that checks the health of each active backup archive on a regular schedule. Archive maintenance removes excess file versions, deleted files, and files no longer selected for backup. It also identifies and corrects corrupted data. 

Administrators can start archive maintenance manually from the Incydr console. Users can start archive maintenance from the backup agent with the Run Maintenance button.

Audit log

Audit Log is a record of user and administrator activities within your environment. Audit Log entries provide details about who performed an action, what changed, and when it happened. Audit Log captures configuration and setting changes initiated from the Incydr console, API, third-party integrations, and external provisioning providers. Audit Log records can help facilitate audits, improve security, ensure accountability, and troubleshoot issues.

Authentication

The process of identifying and verifying users. Methods for authentication include: 

  • Local Incydr directory
  • Single sign-on (SSO)
  • Multi-factor authentication (MFA)

Authentication provider

Allows access to Incydr. When enabled, users sign in using the authentication provider instead of Incydr. Examples of authentication providers include Okta, Google SSO, Ping, Entra ID (Azure AD), OneLogin, and Microsoft AD FS. 

Backup

  1. The group of files backed up to a specific location, which are also available to restore. Also known as “backup archive.”
  2. The operation in which files are sent and stored in the Incydr cloud, as in, “Your backup is in progress.”

Backup agent

The application installed on user devices responsible for backing up user files, managing backup settings, and restoring files.

Backup frequency

The setting for how often files and file revisions are backed up.

Backup set

A group of files backed up to a specific location or with specific settings.

Block

Devices, users, and organizations can be blocked. This is non-destructive, and no data is lost. Blocked devices continue to back up, but blocked users cannot sign in or restore files on any of their devices. Blocked organizations prevent all of that organization’s users from signing in or restoring files. A blocked user continues to use a license. Applies only to the backup agent.

Cases

A case stores information related to a security investigation and enables you to collect, organize, and retain evidence. Cases can be exported to share with other stakeholders as needed. Components of a case can include: file activity details (including all file event metadata and the file contents), user details, ‌contextual notes, and a summary of findings.

Code42 cloud

See Incydr cloud.

Code42 console

See Incydr console.

Code42 environment

See Incydr environment

Code42 service

The background process responsible for backup operations on a device running the backup agent.

Cold storage

Temporary holding state for backup archives after they are deactivated but before they expire and are permanently deleted. This is similar to a file in your computer’s Recycle Bin or Trash. A user who has an archive in cold storage still consumes a user license. Administrators can retrieve archives from cold storage throughout the cold storage retention period.

Compact

The final step of archive maintenance. Compaction reclaims disk space by removing the following from the backup archive: old file versions and old deleted files (according to user or administrator settings), and files no longer selected for backup.

Compression

A backup feature that reduces the size of files so they take less space and less time to send. The backup agent compresses files on the device before sending them to the Incydr cloud for backup, which increases the overall backup speed. This compression is lossless.

Custom key

An encryption key that is user-created (using the Passphrase or Generate options) and is used instead of the encryption key generated by the backup agent to encrypt the backup archive. The custom key option greatly increases user responsibility because there is no way to recover a backup if the custom key is lost or forgotten, and our Customer Champions have no way to help recover a custom key.

Data de-duplication

Process in which duplicate files (and parts of files) are identified and backed up only once. Data de-duplication runs on each source device.

Deactivate

Deactivating a user, device, or organization is a potentially destructive action that prevents access to the Incydr environment, stops Incydr monitoring, and stops backups for the affected users. Affected backup archives are temporarily moved to cold storage, then permanently deleted. 

Deauthorize

The action of signing out a user from the backup agent. The user can sign in again at any time, and no data is deleted. However, backup activity stops until the user signs in again.

Only applies to devices, and only applies to the backup agent. Users and organizations cannot be deauthorized. Users cannot be deauthoized from the insider risk agent.

Destination

Location where your files are backed up. For example: Incydr cloud storage.

Device

A single computer within your Incydr environment, identified by its GUIDMay be used interchangeably with endpoint

Early access

New features and functionality are considered early access (EA) when they are released to all Incydr customer environments, but still may undergo minor refinements and improvements before general availability (GA).

  • The Icon badge containing the letters EA icon may be used in Incydr products to indicate early access features and functionality.
  • Not all features and functionality have an EA release. Many features and functionality are considered GA upon initial release.
  • Some features and functionality apply only to specific product plans, so you may not see an EA feature if it is not included in your product plan.

Encrypt

Encode files so no unauthorized persons can read them.

Encryption key

A string that a cryptographic algorithm uses to encrypt files.

Endpoint

A single computer within your Incydr environment, generally running Incydr agent software and uniquely identified by its GUID. May be used interchangeably with device

Enhanced security

For backup archives, an encryption level upgraded from the standard security option. There are two enhanced security options: archive key password and custom key. Also called upgraded security.

External address

A device's public IP address.

External keystore

No longer supported

A service outside of Incydr that stores backup encryption keys for customers. 

File metadata

Data about a file. For example, file size, file type, date created, date last modified, etc.

Forensic Search

Forensic Search is a powerful search interface for investigating file activity across your organization. A wide range of search filters that cover both endpoint and cloud activity let you search for all activity monitored by Incydr. Results include comprehensive metadata for each file event, and also provide access to the file contents.

General availability

New features and functionality are considered generally available (GA) when they are released to all Incydr customer environments and there are no known refinements or improvements immediately necessary. However, GA features and functionality may continue to evolve and improve in future releases.

Some features and functionality apply only to specific product plans, so you may not see a GA feature if it is not included in your product plan.

GUID

  1. Globally Unique IDentifier. A number generated and assigned to each device in the Incydr environment. Used to associate each device with its backup archive.
  2. A backup agent command-line interface command to view and manipulate the GUID value for the current device.

Identity management

An IT administrative area or market that deals with users in a IT system and gives them access to the right resources within the system. 

Identity provider (IdP)

A general term to refer to a system that contains user identities. Identity provider can refer to a system performing authentication, provisioning, or both. Examples of identity providers include Okta, Google SSO, Ping, Entra ID (Azure AD), and OneLogin. 

Incremental backup

The process of saving only the parts of files that changed since the last backup.

Incydr browser extension

The Incydr browser extension works alongside the insider risk agent to improve browser activity monitoring and to enforce preventative controls.

Incydr cloud

The underlying software-as-a-service (SaaS) infrastructure that supports and powers Incydr products. "Incydr cloud" may be used as a general term to encompass many different functions. For example: the agents on user devices connect and send data to the Incydr cloud; backup archives are stored in Incydr cloud destinations.

Incydr console

The web-based interface for managing, viewing, and interacting with all aspects of your Incydr environment, including (but not limited to): insider risk detection and response (such as alerts, watchlists, preventative controls, cases, Forensic search, Instructor, and more), and administrative functions (such as managing users, agents, devices, organizations, integrations, and more).

Formerly called the "Code42 console" or "administration console."

Incydr environment

A broad term for all parts of an Incydr deployment, which might include the Incydr console, organizations, users, and agents. 

Formerly called the "Code42 environment."

Incydr Flows

Incydr Flows facilitate quick, no-code integrations to automate workflows between Incydr and other security and IT tools. These integrations can help speed your processes for detecting, investigating, and responding to insider risks. Incydr Flows require support from Incydr Professional Services to complete the initial set-up.

Initial backup

The very first backup performed on a specific source device. The initial backup of files takes significantly longer than later, incremental backups

Insider risk agent

The application installed on user devices responsible for monitoring endpoint activity to detect risk. The insider risk agent does not have a user interface. 

Insider risk management

Insider risk management (IRM) is the process of identifying, monitoring, and mitigating risks that originate from within an organization. These risks often involve the exfiltration of sensitive data by internal users. Incydr's approach to insider risk management detects risky behaviors and offers a variety of response controls to address these risks.

Instructor

Instructor provides user-friendly security education to inform employees about security best practices. Instructor lessons are non-accusatory and personable, which allows users to learn from their mistakes and build a positive relationship with the security team. Instructor can help promote and ensure data use policy compliance, enable and empower a more risk-aware workforce, and reduce accidental and negligent employee data leaks.

Legal hold

The process of using the backup agent to preserve selected files on a user’s device, if, for example, a lawsuit is anticipated. Legal hold provides a central, well-organized archive for the discovery of electronically stored information (ESI) on laptops and desktops in the event of litigation. 

Limited early access

New features and functionality are considered limited early access (LEA) when they are released only to specific Incydr customer environments, typically as a result of direct communication with your Customer Success Manager (CSM) or other Incydr personnel. Limited early access features and functionality may still require refinements and improvements before early access (EA) or general availability (GA).

Not all features and functionality have an LEA release. Many features and functionality are considered EA or GA upon initial release.

Local user

A user that is managed within Incydr. This means the user's credentials are stored in the Incydr database, rather than using a third-party authentication method like single sign-on. Additionally, the local user's authorization is managed within the Incydr console, not through a third-party authorization method. 

Organization

The hierarchical level in the Incydr environment for users and their devices. Each user can belong to only one organization. You can define many settings at the organization level; different organizations can have different settings. An organization can contain child organizations, and an organization can exist without containing any users.

Preventative controls

Preventative controls enable security personnel to restrict end users from performing specific actions, including uploading and pasting content in a web browser, mounting removable media, and sharing files via cloud services.

Provisioning provider

Automates user management. Applications like Incydr sync with a provisioning provider and then create, update, or remove users based on the provisioning provider's user profile. Examples of provisioning providers include Okta, Ping, and Entra ID (Azure AD). 

Real-time backup

The process of backing up files immediately after the files were created or changed. This protects you from loss that might occur if backups are scheduled only at specific times.

Registration key

A 16-character string that activates your licensing. The registration key is required to purchase user licenses or support plans.

Replace device

The process of a new device taking the place of a device that has been lost, stolen, sold, reformatted, etc. The replace device process is optional when a new device is added for an existing user. The replace device process transfers the backup archive, backup file selection, and backup settings to the new device. It also deactivates the other device so it can longer back up.

Restore

The process of retrieving backed up files the the backup destination.

SCIM provisioning

An open standard protocol for automating user management. 

Secured key

An archive encryption key that is protected with an account password (default security) or an archive key password (enhanced security).

Single sign-on (SSO)

SSO is one type of authentication method. It allows a user to use the same credentials to sign in to multiple applications.

Synchronize

A backup process where the source device and the storage destination compare what files the source has sent vs. what files are actually stored on the destination.

System property

An attribute that defines functions and features of the Incydr environment. System properties are usually enabled, disabled, or configured from the Incydr console command-line interface.

Trusted activity

Trusted activity settings specify locations you trust, such as domains, URLs, Slack workspaces, cloud accounts, and Git repositories. File activity in trusted locations does not appear in dashboards, user profiles, or alerts. However, trusted activity is still captured and searchable in Forensic Search.

User

A single account in your Incydr environment. A user account has a single set of sign-in credentials (username and password) and a single encryption key for all backups. A user always belongs to one (and only one) organization.

Version retention

Setting to specify how many versions of a file to keep over time. Removing older and less relevant versions can reduce the size of your backup archive. The default setting keeps more of your recent versions and fewer of your older ones.

Watchlist

A watchlist contains a group of users being monitored for risky file activity. Watchlist membership can be defined manually, or based on directory groups in external provisioning providers. Watchlists also enable you to implement preventative controls

Web restore

The ability to restore files from the Incydr console and download files from a web browser. Web restore is a secondary method of restoring files.

Windows user profile backup

This feature uses Microsoft's User State Migration Tool (USMT) to create a backup of user profile settings. Administrators can download the user profile to a new device as part of the replace device process.