IncydrTM Advanced

Thank you for being a Code42 customer. This page will serve as your go-to resource to get the latest product information about Incydr Advanced along with new and relevant resources to help you make the most of your deployment.

Visit customer toolkit

Code42 in 2'

Each month we continue to deliver next-level innovation to help you outpace and outsmart insider threat. There's a lot going on, and we do our best to cover what's new in 2 minutes or less with our monthly Code42 in 2' video series. Watch this month's video highlighting the newest product enhancements.

Latest release notes

Feature Release Highlights

New file alert capabilities

Get notified about exfiltration activity when specific files or file extensions (such as TAR, ZIP, or CPP) or words within a filename (such as "forecast" or "sales") are moved or shared.

Tip: Utilize this feature to monitor and protect your most valuable IP.

New product feature: Cases

Cases provide you with an efficient way to compile, document and disseminate pertinent investigation details so you can make a fast and informed decision about how to respond. 

Tip: Create and manage cases alongside your investigations to quickly compile all of the relevant file events and notes in one place. 

New exfiltration vector: Airdrop

The newest exfiltration vector monitored is Airdrop for MacOS. To determine if data has been exfiltrated through Airdrop, search for the “sharing” process when using Forensic Search to investigate.

Tip: Airdrop exfiltration is included in the totals for “Read by browser or other app” when viewing dashboards and browser activity reports. Use Forensic Search to enhance your investigation and determine when exfiltration via Airdrop occurs.

Cloud sync enhancement: Username detection

This cloud sync enhancement will allow you to distinguish between personal and corporate cloud sync applications. This means that you can detect when, for example, a user syncs a file to their personal Google Drive account rather than their corporate account.

Tip: Cloud sync events are evaluated in the context of your Trusted domains list. Specify Trusted domains in order to reduce the noise of legitimate work and focus on high-risk data exfiltration.

Enhanced alerts with note-taking ability

Newly added: the ability to add notes to alerts. This will help you to reference findings and case information within the alert for future auditing or knowledge transfer. Alert notes can be accessed through either the UI or the API

Tip: Take 2 minutes to watch this Code42 in 2' video to see a quick overview of these alert enhancements in the product itself.

Command Line Interface (CLI) tool

Through the CLI you can batch add or remove users to legal hold and alert rules. Additionally, we have added enhanced export functionality which enables you to send data to your SIEM and other external tools.

Tip: For a hands-on approach to learning more about Code42's CLI tool, check out the CLI workshop from Code42 University.

Secure data throughout employee tenure with risk detection lenses

Throughout an employee’s tenure at your company, their access to data can evolve, creating opportunities that may put data at risk. This might be through onboarding a new employee, monitoring employees you deem a flight-risk, a departing employee or those with poor security practices or knowledge. No matter the situation, Incydr Advanced risk detection lenses will help increase your ability to detect and respond when employees put valuable data at risk.

Explore risk detection lenses

Technical Tip

Did you know that you can customize applications monitored for file exfiltration? By default, Incydr monitors applications such as web browsers, Slack, Airdrop, FileZilla, FTP and cURL. You can easily add monitoring for additional applications such as WeChat, WhatsApp, Zoom and Amazon Chime in order to detect file exfiltration that signals risk for your organization.

Learn how

Looking for more resources?

Visit the Customer Toolkit for the latest product information, training and tips to get the most out of Incydr.
Visit customer toolkit