Code42 Suspicious Activity Review v2

Detects suspicious activities of a user and allows a recipient to assess the results. Afterward, the playbook takes action on the user such as adding them to legal hold.

Code42 · 9 tasks · 3 inputs · 0 outputs

Inputs

  • Username — The username of the employee.
  • ReviewerEmail — The email recipient to review potential suspicious activity related to the user, such as the user's manager.
  • LegalHoldMatterId — The legal hold matter ID to add the user to if selecting ADD-TO-LEGAL-HOLD in the Decide Remediation Action task.

Commands used

code42-file-events-search

Flowchart

No yes yes Start Start Retrieve Exfiltration Events - code42-file-events-search Retrieve Exfiltration Events code42-file-events-search Complete Complete Request Manager Review Request Manager Review Did the recipient say it is suspicious? Did the recipient say it ... Decide Remediation Action Decide Remediation Action ConvertTableToHTML - ConvertTableToHTML ConvertTableToHTML ConvertTableToHTML Were exposure events found? Were exposure events found? Code42 Suspicious Activity Action v2 - Code42 Suspicious Activity Action v2 Code42 Suspicious Activit... Code42 Suspicious Activity Ac...