Incydr™ Proof Of Value Guide

Your go-to resources for everything related to the Incydr POV.

What to expect during your Incydr POV

The Incydr Proof of Value takes the traditional proof of concept up a notch. This 4-week product experience will not only demonstrate the signal, simplicity and speed of Incydr’s functionality, but also validate how the use of Incydr will tangibly improve your organization’s Insider Risk posture.

Get Started

Estimated time: 60 min

  • POV experience overview
  • Deploy agents to test machines
  • Code42 team members involved during kick-off include: Account Executive (AE), Systems Engineer (SE), POV Deploy Services (PDS)
  • Your team members involved during kick-off include: Security Stakeholder, Desktop Deployment Engineer, Technical Decision Maker, Technical Sponsor

Helpful materials for Day 1

Introducing Incydr

Mitigate Insider Risk without disrupting collaboration

Incydr gives you the visibility, context and control needed to stop data leak and IP theft.

Understand your risk

Detect file exfiltration via web browsers, USB, cloud apps, email, file link sharing, AirDrop, and more.

Review only what matters

Incydr uses Watchlists to programmatically protect data from employees who are most likely to leak or steal files.

Respond with confidence

Use Incydr Flows or SOAR integrations to initiate response controls that are proportionate to an activity’s risk severity.

Drive secure work habits

Ensure appropriate data governance and compliance with security standards and corporate policies.


Hear what our customers have to say about Incydr

How-to videos

Data Exposure Dashboard

The Data Exposure Dashboard provides an overview of all exposure and exfiltration activity, both on the endpoint and in the cloud.

Risk Detection Lenses: Departing Employees

Monitoring departing employees is an essential part of the offboarding process. Utilize the Departing Employee Lens to review file activity.

Risk Detection Lenses: High Risk Employees

Discover how to review file activity in the High Risk Employee Lens and quickly identify suspicious file movement.

Forensic Search allows you to investigate all file event activity detected by Incydr. 


Cases provide a way to compile, document, and disseminate investigation details.

Use Case: Removable Media

Removable media is a common exfiltration vector. See how Incydr provides visibility of removable media misuse.

Use Case: Concealed File Exfiltration

File mismatches occur when a file’s extension doesn’t match the file’s content. Incydr flags these and protects against concealed file exfiltration.

Data Preferences: Trusted Domains

Learn how to identify specific domains and IP addresses and filter the noise of trusted activity, such as sharing files between trusted domains.

How-to support articles

Review Suspicious File Activity

Incydr offers a wide variety of options to help you quickly identify suspicious or unexpected file activity.

Forensic Search

Forensic Search provides detailed visibility about files and enables security teams to monitor and investigate suspicious file activity.


Cases helps you manage and respond to security investigations with tools that collect, organize, and retain user file activity.

Data Preferences

Data Preferences settings enable you to exclude file activity from IP addresses and domains you trust from dashboard visualizations, alerts, and search results in Forensic Search.

User Profile

User Profile allows you to view a specific user's suspicious file movement, endpoint and cloud services activity, and file activity for the previous 90 days.

Risk Exposure Dashboard

The Risk Exposure dashboard provides a look into the different types of file activity occurring across your Incydr environment, including high risk and departing employees as well as employees that have the most file activity.

Departing Employees

Review the file activity of employees leaving your company.

Set Up Alerts

Alerts let you know when important data may be leaving your company.


Code42 offers a variety of integrations to enable you to leverage Incydr features and data in other systems.

Frequently asked questions

Incydr capabilities

  • How do I add a user to the Departing Employee or High Risk detection lenses?
    • Code42 offers workflow automation services to connect Incydr with your Human Resource Information System (HRIS). This integration will automatically populate Incydr lenses with the employees who meet the lens criteria. You can also manually add users to lenses by following these steps.
  • What tools does Incydr integrate with?
    • Incydr integrates with a range of tools such as Splunk, Okta, and Google Drive. We also have a robust and easy-to-use REST-based API for tools not in our ecosystem.
  • Where does the contextual information about a user come from?
    • We are able to pull Department, Title, Manager, and Location from your Identity Management provider. To learn more, take a look at our support article on provisioning user attributes to Code42. Additionally, users can automatically be added to Watchlists based on information such as departure date through Incydr Flow automation with HR systems, PAM and IAM.
  • What roles and permissions are available for Incydr?
    • Incydr offers a variety of roles and permissions to ensure administrators only have access to what they need to do their jobs. For example, you can choose the administrators who should have access to various features (such as the Risk Detection Lenses), and you can also control who is able to download and view file content from Forensic Search during an investigation. We recommend you assign roles and permissions based on your administration use cases. To find more information around the best role for your use case, please refer to this article. View this article for instructions on how to assign or remove a role.
  • How do I deploy the agent?
    • Incydr can be installed on Windows, macOS and Linux using your desktop management software. Once installed, Incydr begins to silently monitor and collect files. For more information, take a look at our support article on how to prepare to deploy a Code42 app.
  • What is the agent impact?
    • Although results vary based on the above, we typically see 0-4% CPU and approximately 50MB of memory usage when the agent is in its steady state. Check out our Incydr Agent FAQs to learn more.

Data security

  • How does Code42 secure my data?
  • How does Code42 handle my encryption keys?
  • My company needs to meet compliance and regulatory requirements. How does Incydr support these requirements?
    • Implementing an Insider Risk Management solution helps you comply with regulations governing who has access to what data — and when, where and how that data is exposed and/or exfiltrated. Here’s a document explaining how Incydr supports a variety of compliance standards.
    • You can also rest assured that, as a company, Code42 utilizes industry standards and verification by independent auditors. We take a comprehensive approach to secure our products and solutions. Code42 maintains compliance certifications and attestations on our product and infrastructure to validate our robust security program. Additionally, Code42 ensures and monitors appropriate security assurance obligations. Learn more.


Helpful Incydr resources for your POV experience

Ready to deploy Incydr? What you need to know

Accelerate your Incydr rollout

Complete your deployment and configuration basics in as little as 2 weeks with Incydr ProStart.


Incydr’s Professional Services

Accelerate your time to value with deployment services. Our experts will assist with a new deployment or a health check when upgrading.


Optimize your configuration

Capture file activity that signals Insider Risk. Attend curated workshops to enhance your use of lenses, dashboards, alerts and integrations.

Valuable Visibility And Insight

Published 11/9/20

Code42 has been a key partner in developing our Insider Threat Program. We needed a control to validate and record what had been a blind spot for our organization. Code42 delivered these capabilities and more.

Code42 Was Instrumental In Making Our Insider Threat Management Dreams A Reality

Published 3/2/21

Code42 worked with us to make our insider threat program a reality. The Code42 security success team helped validate and shape the program definition itself while the technical team were instrumental in enabling us to roll out the solution to our global fleet on a very aggressive timeline.

Incydr Product

Published 11/16/20

My experience has been from a security perspective, piloting their Incydr product. I have found the team to be diligent and exceptionally responsive. Many times they have immediately hopped on a call when questions arose. Overall, very satisfied.
