Add Users to Alert Rules

Once you create an alert rule in the Code42 console, you can use the CLI alert-rules commands to add and remove users from your existing alert rules.

To see a list of all the users currently in your organization:

View Existing Alert Rules

You’ll need the ID of an alert rule to add or remove a user.

To view a list of all alert rules currently created for your organization, including the rule ID, use the following command:

code42 alert-rules list

Once you’ve identified the rule ID, view the details of the alert rule as follows:

code42 alert-rules show <rule-ID>

Example output

Example output for a single alert rule in default JSON format.

{
    "type$": "ENDPOINT_EXFILTRATION_RULE_DETAILS_RESPONSE",
    "rules": [
        {
            "type$": "ENDPOINT_EXFILTRATION_RULE_DETAILS",
            "tenantId": "c4e43418-07d9-4a9f-a138-29f39a124d33",
            "name": "My Rule",
            "description": "this is your rule!",
            "severity": "HIGH",
            "isEnabled": false,
            "fileBelongsTo": {
                "type$": "FILE_BELONGS_TO",
                "usersToAlertOn": "ALL_USERS"
            },
            "notificationConfig": {
                "type$": "NOTIFICATION_CONFIG",
                "enabled": false
            },
            "fileCategoryWatch": {
                "type$": "FILE_CATEGORY_WATCH",
                "watchAllFiles": true
            },
            "ruleSource": "Alerting",
            "fileSizeAndCount": {
                "type$": "FILE_SIZE_AND_COUNT",
                "fileCountGreaterThan": 2,
                "totalSizeGreaterThanInBytes": 200,
                "operator": "AND"
            },
            "fileActivityIs": {
                "type$": "FILE_ACTIVITY",
                "syncedToCloudService": {
                    "type$": "SYNCED_TO_CLOUD_SERVICE",
                    "watchBox": false,
                    "watchBoxDrive": false,
                    "watchDropBox": false,
                    "watchGoogleBackupAndSync": false,
                    "watchAppleIcLoud": false,
                    "watchMicrosoftOneDrive": false
                },
                "uploadedOnRemovableMedia": true,
                "readByBrowserOrOther": true
            },
            "timeWindow": 15,
            "id": "404ff012-fa2f-4acf-ae6d-107eabf7f24c",
            "createdAt": "2021-04-27T01:55:36.4204590Z",
            "createdBy": "sean.cassidy@example.com",
            "modifiedAt": "2021-09-03T01:46:13.2902310Z",
            "modifiedBy": "sean.cassidy@example.com",
            "isSystem": false
        }
    ]
}

Add a User to an Alert Rule

You can manage the users who are associated with an alert rule once you know the rule’s rule_id and the user’s username.

To add a single user to your alert rule, use the following command:

code42 alert-rules add-user --rule-id <rule-id> -u sean.cassidy@example.com

Alternatively, to add multiple users to your alert rule, fill out the add CSV file template, then use the bulk add command with the CSV file path.

code42 alert-rules bulk add users.csv

You can remove single or multiple users from alert rules similarly using the remove-user and bulk remove commands.

Get CSV Template

The following command will generate a CSV template to either add or remove users from multiple alert rules at once. The CSV file will be saved to the current working directory.

code42 alert-rules bulk generate-template [add|remove]

You can then fill out and use each of the CSV templates with their respective bulk commands.

code42 alert-rules bulk [add|remove] /Users/my_user/bulk-command.csv

Learn more about the Alert Rules commands.