Introduction to adding data connections

Overview

To help protect you from data loss, you can use Code42 to monitor:

  • Reports that are exported from your business data in Salesforce
  • Files that are shared in corporate cloud storage environments (for example, Box, Google Drive, and OneDrive)
  • Attachments that are sent through email services (such as Office 365 Outlook)

You can also connect other third-party systems or workflows to Code42 via Incydr Flows, speeding the process for detecting, investigating, and responding to insider risks.

This article introduces data connections and Incydr Flows, how to plan for and implement them, and how to view their data and troubleshoot issues in Incydr.

Plan for and implement data connections and Incydr Flows

To connect Incydr to a vendor environment, you generally complete these steps:

  1. Learn about data connections and Incydr Flows.
  2. Confirm you have the correct licensing for your vendor environment.
  3. For data connections, identify the users who are in scope for monitoring by the connector.
  4. Understand the permissions required and the access that those permissions grant the connector in the vendor environment.
  5. Complete any configuration required in the vendor environment in preparation for the connection.
  6. Authorize the connection in Incydr.
  7. For data connections, locate and view file activity in Incydr.
  8. Troubleshoot issues as they arise.

Confirm vendor licensing

Code42 data connections require certain licensing in your vendor environment in order to connect to it. See Vendor license requirements for Code42 data connections for more information.

For Incydr Flows, Code42 Professional Services can provide details on any additional licensing that's required. Contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

Plan user scoping

"Scoping" a data connection involves identifying the users you want the connection to monitor while excluding low risk users, service accounts, or other "users" that don't generate meaningful file activity. For more information, see Scope a data connection.

Note that the Code42 Salesforce data connection only monitors the users who are both in scope and also have the "Report export" permission in that environment. For more information, see Identify Salesforce users with the "Report export" permission.

Understand permissions

When you connect Code42 to a vendor environment, you grant Code42 a number of permissions in that environment during the authorization process. For more information on these permissions and what they allow Code42 to do, see the following articles:

For Incydr Flows, Code42 Professional Services can provide details on any permissions that are required. Contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

Complete vendor configuration

Both Code42 data connections and Incydr Flows require that you complete some additional configuration in the vendor environment before you can connect Code42 to it. For more information, see these articles:

Email data connections for Gmail and Microsoft Office 365 email do not require any additional configuration.

View file activity in Incydr

After you connect to the vendor environment, Code42 detects file activity in that environment and displays those details in various areas in Incydr (such as on dashboards, in Forensic Search, in alert notifications, and in user activity). For more information, see:

Incydr Flows don't show file activity directly in Incydr. Instead, Incydr Flows either:

  • Complete tasks within Incydr (such as adding employees to watchlists for additional monitoring) based on information from vendor systems
  • Send notifications to security analysts in other systems (such as Slack or Microsoft teams) based on user activity that has triggered an alert in Incydr.

For more information, see Introduction to Incydr Flows.

Considerations

  • You can register a Google Workspace (formerly G Suite) or Microsoft 365 account in a single Code42 environment only:
    • Once as a cloud storage connection, to monitor file movement in Google Drive or OneDrive locations
    • Once as an email service connection, to monitor file attachments emailed from Gmail or Office 365 Outlook accounts
    You cannot register the same account as more than one cloud storage or email service data connection. For example, you cannot register a Google Drive cloud storage data connection scoped to your Accounting users and a second Google Drive cloud storage data connection scoped to Development users when they belong to the same Google Workspace account.
  • You can only register a Google Workspace or Microsoft 365 account for one Code42 environment at a time. For example, you cannot register a OneDrive cloud storage data connection in one Code42 environment and an Office 365 email service connection in another Code42 environment when both belong to the same Microsoft 365 account.
  • You can register two (or more) unique Google Workspace or Microsoft 365 accounts as long as these accounts are not associated in any way.
  • Code42 only monitors one domain in a Google Workspace account even though multiple domains may exist in that account. Code42 monitors only the domain associated with the administrator email address that was used to register the Google Drive or Gmail service.
  • Incydr Flows are not available in the Code42 federal environment.