IncydrTM Response Flows

Get started

What are Incydr Response Flows?

Incydr Response Flows orchestrate controls to mitigate corporate data leak when Insider Risk events are detected. Containment, resolution and educational controls are automated based on the severity of the event. They are delivered through integrations with systems like IAM, PAM, EDR and ITSM.


Take action at the user, device, or network level so that no further data exposure will take place while security investigates.

Containment Controls

Incydr Response Flow

Conditional access controls

Incydr + Okta Flow

Stop local sync apps

Incydr + CrowdStrike Flow

Revoke access to sensitive safes

Incydr + CyberArk Flow

Disable USB ports

Incydr + CrowdStrike Flow

Lock device

Incydr + Jamf Flow

Network contain the endpoint

Incydr + CrowdStrike Flow


Address and remediate the data exposure event that was originally detected by Incydr.

Resolution Controls

Incydr Response Flow

User inquiry

Incydr + Slack Flow

Resolve over remote screenshare

Incydr + Zoom or GoogleDrive Flow

Resolve with attestation of deletion

Incydr + DocuSign Flow

Escalate to manager, HR or legal

Incydr + JIRA or ServiceNow Flow


Reduce future instances of data exposure so that an organization’s Insider Risk posture improves over time.

Education Controls

Incydr Response Flow

Assign security awareness training

Incydr + KnowBe4 Flow

Send a reminder of corporate data use policies

Incydr + DocuSign Flow

Featured Use Case

Contain source code leaks with Incydr Flows

User Action

User Action: An engineer disguises a source code file to look like a personal .jpeg file. They AirDrop this file to their mobile device.

Incydr IRI

Incydr IRI: Incydr alerts that it has detected a suspicious file mismatch IRI.

Containment Control

Containment Control: This triggers CrowdStrike to network contain the users endpoint.

Incydr Context Flows

Incydr Context Flows enhance Incydr’s signal by ingesting user attributes, such as employment milestones, departure or elevated access credentials from corporate IAM, PAM and HCM systems. With user context from these systems, Incydr Flows automatically adds users to alert rules or risk detection lenses when they are considered a high risk user.