Incydr™ Investigation Features

Quickly investigate data exposure and exfiltration events


What is Incydr?

Incydr is a SaaS data risk detection and response product that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Incydr offers intuitive investigation workflows and detailed evidence so you can quickly assess and respond to risk.

User Profiles
  • View any employee's computer and cloud activity within the context of their last 90 days of behavior.
  • Review user context such as the employee's name, title, department and manager.
  • See risk indicators -- such as off-hour file events -- to prioritize activity for investigation.
Forensic Search
  • Query an index of every file event that's happened in your organization over the past 90 days -- in seconds. Devices do not need to be online.
  • Search parameters are automatically populated based on the activity detected via alerts, dashboards and user profiles.
  • Use Forensic Search to perform exploratory investigation into Insider Risk, such as searching by file hash to determine who else has access to a file or how an employee obtained a file in the first place.
SIEM Integrations
  • Send Incydr file exfiltration events and alert information to your SIEM for correlation and triage.
  • Ingest events in JSON or CEF format on a scheduled or ad-hoc basis.
  • SIEM integration partners include Exabeam, LogRhythm, Splunk and SumoLogic.

Capabilities to quickly perform Insider Risk investigations

Historical activity trends
Investigate events in context using 90 days of historical user activity. This allows you to identify trends and abnormalities as well as see the chain of events leading up to a risky action.

File metadata
Access file metadata such as file name, owner, size, path, category (based on analysis of file contents and extension), created and modified dates, and the MD5 and SHA-256 hashes.

File content access
Authorized security users can download the exact files involved in exposure events. This allows them to determine content confidentiality.

Device metadata
Review identifying device metadata including the hostname, FQDN, the OS username for the person logged in to the device, and private and public IP addresses.

Event metadata
See the event date and time, the event type, where the file event took place (computer, cloud, email), whether risk indicators such as file mismatches or off-hours activity were detected, and whether the activity involved trusted or untrusted domains.

Vector and exposure metadata
Review information on the type of exposure, including domain names, active tab title and URL information for files uploaded via web browsers; removable media make, model, volume name, partition ID and serial number; and sync destinations.

Comprehensive event logs
Incydr monitors all file exposure activity regardless of what is considered acceptable or unacceptable by security policy. This ensures events are not missed and there are no gaps in context during insider threat investigations.

Company-wide search
Search by criteria such as filename or hash to find all users who have access to specific files. You can also search to view all instances of a given activity, such as resume uploads through web browsers.

Sr. Technical Program Manager, Program and Portfolio Management

"Code42 worked with us to make our insider threat program a reality. The Code42 security success team helped validate and shape the program definition itself while the technical team was instrumental in enabling us to roll out the solution to our global fleet on a very aggressive timeline."

Senior Desktop Manager, Infrastructure and Operations

"Excellent partner - Adds sophistication to portfolio. Allows for the easy implementation of an insider threat program as well as providing a lot of data from endpoints. Gives a high level of visibility over fleet and allows for a quick reaction across teams."


Incydr integrates with top technologies to help correlate data risks, deliver actionable insights and improve the efficiency and effectiveness of customer workflows.


Interested in a free trial?

For companies with 200+ employees, we’d like to give you our best product plan at no cost for 60 days, with no commitment whatsoever.