Thank you for being a Code42 customer. This page will serve as your go-to resource to get the latest product information about Incydr Advanced along with new and relevant resources to help you make the most of your deployment.
Code42 in 2'
Each month we continue to deliver next-level innovation to help you outpace and outsmart insider threat. There's a lot going on, and we do our best to cover what's new in 2 minutes or less with our monthly Code42 in 2' video series. Watch this month's video highlighting the newest product enhancements.
Feature Release Highlights
New product feature: Cases
Cases provide you with an efficient way to compile, document and disseminate pertinent investigation details so you can make a fast and informed decision about how to respond.
Tip: Create and manage cases alongside your investigations to quickly compile all of the relevant file events and notes in one place.
New exfiltration vector: AirDrop
The newest monitored exfiltration vector is AirDrop for macOS. To determine whether data has been exfiltrated through AirDrop, search for the “sharing” process when investigating with Forensic Search.
Tip: AirDrop exfiltration is included in the totals for “Read by browser or other app” when viewing dashboards and browser activity reports. Use Forensic Search to enhance your investigation and determine when exfiltration via AirDrop occurs.
Alert enhancement: Status messages
You’re likely not the only person who needs to investigate alerts when they come in. To let your team know when you’re on it, use alert status messages, such as open, in progress, pending response and dismissed.
Tip: Check out our alerts reference guide to brush up on best practices related to reviewing and managing alerts.
Cloud sync enhancement: Username detection
This cloud sync enhancement will allow you to distinguish between personal and corporate cloud sync applications. This means that you can detect when, for example, a user syncs a file to their personal Google Drive account rather than their corporate account.
Tip: Cloud sync events are evaluated in the context of your Trusted domains list. Specify Trusted domains in order to reduce the noise of legitimate work and focus on high-risk data exfiltration.
Enhanced alerts with note-taking ability
Newly added: the ability to add notes to alerts. This will help you to reference findings and case information within the alert for future auditing or knowledge transfer. Alert notes can be accessed through either the UI or the API.
Tip: Take 2 minutes to watch this Code42 in 2' video to see a quick overview of these alert enhancements in the product itself.
Command Line Interface (CLI) tool
Through the CLI you can add users to, or remove users from, legal holds and alert rules in batches. Additionally, we have added enhanced export functionality, which enables you to send data to your SIEM and other external tools.
Tip: For a hands-on approach to learning more about Code42's CLI tool, check out the CLI workshop from Code42 University.
Secure data throughout employee tenure with risk detection lenses
Throughout an employee’s tenure at your company, their access to data can evolve, creating opportunities that may put data at risk. This might involve onboarding a new employee, monitoring employees you deem a flight risk, handling a departing employee or watching those with poor security practices or knowledge. No matter the situation, Incydr Advanced risk detection lenses will help increase your ability to detect and respond when employees put valuable data at risk.
Did you know that you can customize applications monitored for file exfiltration? By default, Incydr monitors applications such as web browsers, Slack, AirDrop, FileZilla, FTP and cURL. You can easily add monitoring for additional applications such as WeChat, WhatsApp, Zoom and Amazon Chime in order to detect file exfiltration that signals risk for your organization.