Code42 + Splunk

Correlate actionable risk insights to speed insider threat response



Code42 integrates with Splunk to deliver valuable file exfiltration events to custom dashboards for correlation and triage within the Splunk Security Operations Suite.

Code42’s insider risk detection lenses surface insights for subsets of users more likely to put data at risk, such as users with access to proprietary information or departing employees. Extracting this data into dashboards within Splunk provides actionable insights that can be applied to existing SOC workflows to substantiate insider threat investigations and speed response.

Benefits of the Code42 + Splunk integration

Prioritized risk
Leverage Code42’s signal capabilities to manage insider risk throughout the employee lifecycle and across users more likely to put data at risk.

Reduced complexity
Feed Code42 file exposure and exfiltration events into Splunk dashboards or workflows.

Faster response
Speed response to insider threat incidents with actionable insights to substantiate investigations.

Integration features

  • Custom dashboards: Create custom dashboards within Splunk using Code42 data to show exposure types, users and events that make sense for your environment.
  • Correlated events: Correlate Code42 information with other security events managed in the Splunk Security Operations Center.
  • Keyword search: Tailor detailed queries based on file, vector or user (e.g., only files that have been uploaded via a browser, or application reads by domain).
  • Prioritized risk detection: Manage users and tasks for a variety of insider threat scenarios, including departing employees and high-risk or remote users, all from within Splunk.
  • Insider threat ecosystem: Leverage Code42 to establish insider threat processes and maximize the potential of your existing security investments.

Featured Use Case

Extract Code42 data into Splunk for actionable insights, correlation and triage of insider threats

Challenge: Policy-driven approaches to mitigating insider risk have left organizations blind to the data security events that are hard to tag or categorize.

Solution: Code42 logs every file event, then enriches it with context on the vector, file and user to determine what represents real risk. This information can be extracted into Splunk for correlation and triage, allowing security teams to run detailed queries that make sense for their environment.

Benefit: Code42 data can be applied to custom dashboards within Splunk that inform security workflows for insider risks including departing employees, high-risk or remote users. Streamlining incident triage within Splunk reduces complexity by correlating event information to deliver actionable insights that speed insider threat response.