Thank you for being a Code42 customer. This page will serve as your go-to resource to get the latest product information about Incydr Basic along with new and relevant resources to help you make the most of your deployment.
Code42 in 2'
Each month we continue to deliver next-level innovation to help you outpace and outsmart insider threat. There's a lot going on, and we do our best to cover what's new in 2 minutes or less with our monthly Code42 in 2' video series. Watch this month's video highlighting the newest product enhancements.
Product Plan Reminder: Risk Detection lenses, file metadata collection and cloud risk detection sources highlighted in these videos are only available with the Incydr Advanced product plan. Contact your Customer Success Manager to try out Incydr Advanced in your own environment.
Feature Release Highlights
New file alert capabilities
Get notified about exfiltration activity when specific files or file extensions (such as TAR, ZIP, or CPP) or words within a filename (such as "forecast" or "sales") are moved or shared.
Tip: Utilize this feature to monitor and protect your most valuable IP.
New access to User Profiles
Get a 90-day look back at any employee’s computer and cloud activity and see risk indicators, such as off-hour file events, to prioritize activity for investigation.
Tip: Set up the necessary permissions using the roles in our use case for investigating suspicious file activity.
New exfiltration vector: AirDrop
The newest exfiltration vector monitored is AirDrop for macOS. To determine if data has been exfiltrated through AirDrop, search for the “sharing” process when using Forensic Search to investigate.
Tip: AirDrop exfiltration is included in the totals for “Read by browser or other app” when viewing dashboards and browser activity reports. Use Forensic Search to enhance your investigation and determine when exfiltration via AirDrop occurs.
Cloud sync enhancement: Username detection
This cloud sync enhancement will allow you to distinguish between personal and corporate cloud sync applications. This means that you can detect when, for example, a user syncs a file to their personal Google Drive account rather than their corporate account.
Tip: Cloud sync events are evaluated in the context of your Trusted domains list. Specify Trusted domains in order to reduce the noise of legitimate work and focus on high-risk data exfiltration.
Enhanced alerts with note-taking ability
Newly added: the ability to add notes to alerts. This will help you to reference findings and case information within the alert for future auditing or knowledge transfer. Alert notes can be accessed through either the UI or the API.
Tip: Take 2 minutes to watch this Code42 in 2' video to see a quick overview of these alert enhancements in the product itself.
Command Line Interface (CLI) tool
Through the CLI you can batch add users to, or remove users from, legal hold and alert rules. Additionally, we have added enhanced export functionality which enables you to send data to your SIEM and other external tools.
Tip: For a hands-on approach to learning more about Code42's CLI tool, check out the CLI workshop from Code42 University.
Create and Manage
Creating custom alerts in Incydr quickly gives you context on file, vector and user data risk to help you prioritize response. Alert rules allow you to determine when and how you are notified by Incydr.
Did you know that you can customize applications monitored for file exfiltration? By default, Incydr monitors applications such as web browsers, Slack, AirDrop, FileZilla, FTP and cURL. You can easily add monitoring for additional applications such as WeChat, WhatsApp, Zoom and Amazon Chime in order to detect file exfiltration that signals risk for your organization.