Speed your time to respond to insider threat incidents

Code42 Response Features

Code42 is a SaaS insider risk detection and response solution that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Code42's high-fidelity information expedites both human and technical insider threat response actions.

Use SOAR Platforms to Automate Response
  • Send Code42 alerts and associated event data to your SOAR platform to investigate risky file activity across endpoints, email and cloud.
  • Use insider threat playbooks to close insider threat incidents at speed and scale.
  • Leverage automation to programmatically add departing employees to a Code42 risk detection lens.
  • Pre-built SOAR platform integrations include Palo Alto Networks Cortex XSOAR, Splunk Phantom and IBM Resilient.
Perform User Outreach to Remediate
  • Some insider threat responses are best handled through personal outreach.
  • Code42 provides the information needed to confront an employee and require remediation.
  • Personal outreach is generally performed by security, management, HR or legal team members.
Improve Security Awareness via Training
  • Not all insider risk is malicious. Often, employees are just trying to get their work done quickly.
  • Code42 can be used to inform insider threat programs and security awareness strategies.
  • Security teams can use visibility provided by Code42 to identify employees who require additional security awareness training.
Preserve Files for Potential Litigation
  • Some insider threat incidents require legal action.
  • Code42 has built-in functionality to place users on a legal hold to preserve their files for litigation.
  • Legal hold can be performed remotely without user knowledge.
  • Files can be retained indefinitely, even if an employee has left the company.

Capabilities to quickly remediate insider threat incidents

Incident escalation
Use information supplied by Code42 to escalate insider threat incidents to the employee's manager, HR or legal counsel.

SIEM Integrations
Code42 supports sending file events and alert information to an organization's SIEM for file event correlation and triage. This allows Code42 data to be applied to SOC workflows.

Splunk Phantom integration
Code42 delivers valuable data exfiltration information to Splunk, which in turn powers the Splunk Security Operations Suite.

IBM Resilient integration
The Code42 and IBM Resilient integration enables security teams to create powerful, agile workflows that can automate the response process.

Palo Alto Networks Cortex XSOAR integration
Code42 integrates with Palo Alto Networks Cortex XSOAR to deliver accelerated insider threat incident response and automated remediation of potential data exfiltration across computers, email, cloud and SaaS apps.

Legal hold
Code42 has built-in functionality to perform a preserve-in-place legal hold on computer files. This can be performed remotely without user knowledge. Files can be ingested into eDiscovery platforms.

File recovery
Code42 can recover files, including deleted files and previous file versions. Authorized security users can restore a single file, multiple files, or even an entire device. Files can be downloaded or restored to a target device.


Code42 integrates with top technologies to help correlate data risks, deliver actionable insights and improve the efficiency and effectiveness of customer workflows.
