Code42 Incyder
  • 10 Nov 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Code42 Incyder

  • Dark
    Light
  • PDF

Article summary

Code42 Incyder (formerly Code42) is a next-gen DLP solution used to detect insider threats, satisfy regulatory compliance, and accelerate incident response investigations.

Related Enforcement Actions:

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Code42 Domain (required) - The hostname or IP address of the Code42 server.
  2. Authentication Method (required) - Select whether to authenticate via user credentials or client credentials.
  3. User Name and Password (required) - If the authentication method is via user credentials, specify the credentials for a user account that has the Required Permissions to fetch assets.
Note:

These parameters are only displayed when the User Credentials option is selected from the Authentication Method dropdown.

  1. Client ID and Client Secret (required) - If the authentication method is via client credentials, specify the Client ID and Client Secret to be used to authenticate the request. For more information about obtaining a Client ID and Client Secret, see API Clients.
Note:

These parameters are only displayed when the Client Credentials option is selected from the Authentication Method dropdown.

  1. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

  2. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Code42_Incyder1


Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Use agents as the default for devices - Select this option to use the agents endpoint as the default for fetching devices.
  2. Fetch devices backup usage - Select this option to fetch the device's backup usage.
    Note:

    This only exists in newer versions (/api/v1) and not in the old version (/api).

  3. Use osHostname field as hostname - Select whether to use the os_hostname field fetched from Code42 as the device's hostname.
    • If selected, all connections for this adapter will use the osHostname field fetched from Code42 as the device's hostname.
    • If cleared, all connections for this adapter will use the Name field fetched from Code42 as the device's hostname.
  4. Filter by Org ID - Toggle on this option to filter by Org IDs. Then enter a comma separated list of Org IDs in the Org ID allow list, to only fetch from these Org IDs.
  5. Ignore Deactivated/Blocked Users - Select whether to ignore users fetched from Code42 with the values “Deactivated” or “Blocked” in the status field.
  6. Ignore Deactivated/Blocked Devices - Select whether to ignore devices fetched from Code42 with the values “Deactivated” or “Blocked” in the status field.
Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

APIs

Axonius uses the Code42 API.

Note:

To use the Code42 Incyder adapter, you must have a product plan that includes access to the Code42 API. For more details, see Code42 Support - API access.

Required Permissions

The value supplied in User Name must have Read access to devices with a read-only role. This role provides permission to access the data necessary to a given API resource. For more details, see Code42 support - Manage user roles.



Was this article helpful?