high-risk-employee¶

Add and remove employees from the High Risk Employees detection list.

high-risk-employee [OPTIONS] COMMAND [ARGS]...

add¶

Add a user to the high risk employees detection list.

high-risk-employee add [OPTIONS] USERNAME

Options

--cloud-alias <cloud_alias>¶: If the employee has an email alias other than their Code42 username that they use for cloud services such as Google Drive, OneDrive, or Box, add and monitor the alias. WARNING: Adding a cloud alias will override any existing cloud alias for this user.

--notes <notes>¶: Optional notes about the employee.

-t, --risk-tag <risk_tag>¶

Risk tags associated with the employee.

Options:	CONTRACT_EMPLOYEE\|ELEVATED_ACCESS_PRIVILEGES\|FLIGHT_RISK\|HIGH_IMPACT_EMPLOYEE\|PERFORMANCE_CONCERNS\|POOR_SECURITY_PRACTICES\|SUSPICIOUS_SYSTEM_ACTIVITY

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

USERNAME¶: Required argument

add-risk-tags¶

Associates risk tags with a user.

high-risk-employee add-risk-tags [OPTIONS] USERNAME

Options

-t, --risk-tag <risk_tag>¶

Risk tags associated with the employee.

Options:	CONTRACT_EMPLOYEE\|ELEVATED_ACCESS_PRIVILEGES\|FLIGHT_RISK\|HIGH_IMPACT_EMPLOYEE\|PERFORMANCE_CONCERNS\|POOR_SECURITY_PRACTICES\|SUSPICIOUS_SYSTEM_ACTIVITY

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

USERNAME¶: Required argument

bulk¶

Tools for executing high risk employee actions in bulk.

high-risk-employee bulk [OPTIONS] COMMAND [ARGS]...

add¶

Bulk add users to the high risk employees detection list using a CSV file with format: username,cloud_alias,risk_tag,notes.

high-risk-employee bulk add [OPTIONS] CSV_FILE

Options

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

CSV_FILE¶: Required argument

add-risk-tags¶

Adds risk tags to users in bulk using a CSV file with format: username,tag.

high-risk-employee bulk add-risk-tags [OPTIONS] CSV_FILE

Options

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

CSV_FILE¶: Required argument

generate-template¶

Generate the CSV template needed for bulk adding/removing users.

high-risk-employee bulk generate-template [OPTIONS] [add|remove|add-risk-
                                          tags|remove-risk-tags]

Options

-p, --path <path>¶: Write template file to specific file path/name.

Arguments

CMD¶: Required argument

remove¶

Bulk remove users from the high risk employees detection list using a line-separated file of usernames.

high-risk-employee bulk remove [OPTIONS] FILE

Options

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

FILE¶: Required argument

remove-risk-tags¶

Removes risk tags from users in bulk using a CSV file with format: username,tag.

high-risk-employee bulk remove-risk-tags [OPTIONS] CSV_FILE

Options

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

CSV_FILE¶: Required argument

list¶

Lists the employees on the High Risk Employee list.

high-risk-employee list [OPTIONS]

Options

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

-f, --format <format>¶

The output format of the result. Defaults to table format.

Options:	TABLE\|CSV\|JSON\|RAW-JSON

--filter <filter>¶

High risk employee filter options. Defaults to ALL.

Options:	EXFILTRATION_24_HOURS\|EXFILTRATION_30_DAYS\|ALL

remove¶

Remove a user from the high risk employees detection list.

high-risk-employee remove [OPTIONS] USERNAME

Options

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

USERNAME¶: Required argument

remove-risk-tags¶

Disassociates risk tags from a user.

high-risk-employee remove-risk-tags [OPTIONS] USERNAME

Options

-t, --risk-tag <risk_tag>¶

Risk tags associated with the employee.

Options:	CONTRACT_EMPLOYEE\|ELEVATED_ACCESS_PRIVILEGES\|FLIGHT_RISK\|HIGH_IMPACT_EMPLOYEE\|PERFORMANCE_CONCERNS\|POOR_SECURITY_PRACTICES\|SUSPICIOUS_SYSTEM_ACTIVITY

-d, --debug¶: Turn on debug logging.

--totp <totp>¶: TOTP token for multi-factor authentication.

--profile <profile>¶: The name of the Code42 CLI profile to use when executing this command.

Arguments

USERNAME¶: Required argument