Skip to content

How It Works

Incydr™ Is A SaaS Solution With An Extensible Cloud Architecture

Graphic imagery for how Incydr works

Spend less time administrating and more time protecting data

What to expect

Incydr monitors all the places your data lives to identify when files move outside your trusted environment. It prioritizes the highest risk employee activity using 60+ contextual Incydr Risk Indicators (IRIs). Watchlists allow you to programmatically protect data when files are most at risk, such as during employee departure. Incydr offers a wide range of controls to contain, resolve and educate on events via Incydr Flows and SOAR. Without a lot of resources, you’ll gain control over the data leaving your organization today, and drive the secure work habits needed to decrease risk to data in the future.

Cross-platform endpoint agent

  • Windows, Mac, Linux
  • 0-4% CPU, ≤ 35MB memory

Incydr Exfiltration Detectors

  • Cloud: OneDrive, Google Drive, Box
  • Email: Office365 and Gmail
  • Apps: Salesforce

Developer resources

  • Open API with published documentation
  • SDK & CLI


  • IAM & PAM
  • SIEM
  • HRIS

3 ways Incydr mitigates risk to data

Pinpoints Exposure

Defined and Inferred Trust capabilities automatically distinguish between trusted activity and data exposure.

Read White Paper
Prioritizes Risk

More than 60+ Incydr Risk Indicators transparently score and prioritize risky file activity.

Read White Paper
Informs Response

Take a right-sized response via Incydr Flow or SOAR to contain, resolve and educate risks.

Read White Paper

Tech that stands out

Comprehensive exfiltration detection

In addition to endpoints, Incydr monitors corporate cloud, email and business applications at the source using API-based integrations.

Unmatched browser detection 

See exactly where files are being uploaded, with support for bulk uploads and multiple tabs. No proxies or browser plug-ins.

Downloads to personal devices

Identify when files are downloaded from corporate systems such as Salesforce to unmanaged devices such as personal laptops or phones.

No-gap file monitoring

Identify untrusted activity without policy management. There’s no gap in monitoring since even trusted activity is logged for reference.

Access to exfiltrated files

Download and view the actual contents of exfiltrated files to verify their sensitivity and value. Retain files as evidence.

Queryable metadata index 

Easily query an organization-wide index of all metadata with no strain on endpoints. No physical device access needed for investigation.

Simple UI, powerful workflows

Incydr’s intuitive interface and use case-driven approach make it easy to onboard new analysts with nearly no learning curve.

Product Overview

How Incydr™ Works: A Technical Overview of the Incydr Product Architecture


Powerful integrations to build your security ecosystem


SOAR playbooks leverage Incydr’s context-driven alerts to automatically initiate right-sized response controls to contain, resolve and educate on data leak events via technologies like IAM, PAM and EDR/XDR.

Learn More


Incydr sends prioritized alerts with contextual Incydr Risk Indicator intel to your SIEM, allowing you to streamline your SOC triage process through a central workflow. A single click brings you to Incydr for investigation and follow up.

Learn More


Incydr Flows with HR Information Systems allow you to automatically add users to Watchlists based on user attributes and lifecycle milestones. For example, automatically add all departing employees to a Watchlist for enhanced monitoring before their departure.

Learn More


Incydr Flows with IAM platforms allow you to automatically add users to Watchlists as well as contain data exposure by removing user access to applications when data risk is detected.

Learn More


Incydr Flows with PAM platforms allow you to automatically add users to Watchlists as well as contain data exposure by removing user access to sensitive vaults when data risk is detected.

Learn More

Learn why the most innovative organizations use Code42 Incydr

Get faster detection, investigation and response to data loss caused by insider threats.

Contact Sales