IncydrTM Response Features

Speed your time to respond to Insider Risk incidents

Launch Interactive Demo

What is Incydr?

Incydr is a SaaS data risk detection and response product that allows security teams to effectively mitigate data exposure and exfiltration risks without disrupting legitimate collaboration. Incydr's high-fidelity information expedites both human and technical Insider Risk response actions.

Speed decisions.
Take a right-sized response.

There's no one-size-fits-all response to Insider Risk. Actions taken depend on employee intent, past behavior and incident impact. Incydr's Cases feature provides an efficient way to compile, document and disseminate pertinent investigation details so security can make a fast and informed decision about how to respond.

Use SOAR Platforms to Automate Response
  • Send Incydr alerts and associated event data to your SOAR platform to investigate risky file activity across endpoints, email and cloud.
  • Use Insider Risk playbooks to close Insider Risk incidents at speed and scale.
  • Leverage automation to programmatically add departing employees to a Incydr Risk detection lens.
  • Pre-built SOAR platform integrations include Palo Alto Networks Cortex XSOAR, Splunk Phantom and IBM Resilient.
Perform User Outreach to Remediate
  • Some Insider Risk responses are best handled through personal outreach.
  • Incydr provides the information needed to confront an employee and require remediation.
  • Personal outreach is generally performed by security, management, HR or legal teams members.
Improve Security Awareness via Training
  • Not all Insider Risk is malicious. Often, employees are just trying to get their work done quickly.
  • Incydr can be used to inform Insider Risk programs and security awareness strategies.
  • Security teams can use visibility provided by Incydr to identify employees who require additional security awareness training.

Capabilities to quickly remediate Insider Risk incidents

Incident escalation
Use information supplied by Incydr to escalate Insider Risk incidents to the employee's manager, HR or legal counsel.

SIEM Integrations
Incydr supports sending file events and alert information to an organization's SIEM for file event correlation and triage. This allows Incydr data to be applied to SOC workflows.

Splunk Phantom integration
Incydr delivers valuable data exfiltration information to Splunk which in turn powers the Splunk Security Operations Suite.

IBM Resilient integration
The Incydr and IBM Resilient integration enables security teams to create powerful, agile workflows that can automate the response process.

Palo Alto Networks Cortex XSOAR integration
Incydr integrates with Palo Alto Networks Cortex XSOAR to deliver accelerated Insider Risk incident response and automated remediation of potential data exfiltration across computers, email, cloud and SaaS apps.


"Excellent product for quickly tracking data movement within your organization. The Code42 team has been quick to take customer feedback to create dashboards that provide meaningful data. At a quick glance at Incydr dashboards, you can see who your high risk employees are, track top file activity, and top file destinations. Highly recommend for incident response and insider threat teams."

Security Operations Manager Security and Risk Management

"Overall we have liked the product. Automation from Xsoar allows us to automatically move users to different risk groups based on other situational awareness. Visibility into file movement, especially to cloud file storage or via web-based email is fantastic and gives us confidence that high-value data is not leaving the organization."


Incydr integrates with top technologies to help correlate data risks, deliver actionable insights and improve the efficiency and effectiveness of customer workflows.

See all integrations right arrow icon

Interested in a free trial?

For companies with 200+ employees, we’d like to give you our best product plan at no cost for 60 days, with no commitment whatsoever.