high-risk-employee

(DEPRECATED): Use code42 watchlists commands instead.

Add and remove employees from the High Risk Employees detection list.

high-risk-employee [OPTIONS] COMMAND [ARGS]...

add

(DEPRECATED): Use code42 watchlists commands instead.

Add a user to the high risk employees detection list.

high-risk-employee add [OPTIONS] USERNAME

Options

--cloud-alias <cloud_alias>

If the employee has an email alias other than their Code42 username that they use for cloud services such as Google Drive, OneDrive, or Box, add and monitor the alias. WARNING: Adding a cloud alias will override any existing cloud alias for this user.

--notes <notes>

Optional notes about the employee.

-t, --risk-tag <risk_tag>

Risk tags associated with the employee.

Options

CONTRACT_EMPLOYEE | ELEVATED_ACCESS_PRIVILEGES | FLIGHT_RISK | HIGH_IMPACT_EMPLOYEE | PERFORMANCE_CONCERNS | POOR_SECURITY_PRACTICES | SUSPICIOUS_SYSTEM_ACTIVITY

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

USERNAME

Required argument

add-risk-tags

(DEPRECATED): Use code42 watchlists commands instead.

Associates risk tags with a user.

high-risk-employee add-risk-tags [OPTIONS] USERNAME

Options

-t, --risk-tag <risk_tag>

Risk tags associated with the employee.

Options

CONTRACT_EMPLOYEE | ELEVATED_ACCESS_PRIVILEGES | FLIGHT_RISK | HIGH_IMPACT_EMPLOYEE | PERFORMANCE_CONCERNS | POOR_SECURITY_PRACTICES | SUSPICIOUS_SYSTEM_ACTIVITY

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

USERNAME

Required argument

bulk

(DEPRECATED): Use code42 watchlists commands instead.

Tools for executing high risk employee actions in bulk.

high-risk-employee bulk [OPTIONS] COMMAND [ARGS]...

add

(DEPRECATED): Use code42 watchlists commands instead.

Bulk add users to the high risk employees detection list using a CSV file with format: username,cloud_alias,risk_tag,notes.

high-risk-employee bulk add [OPTIONS] CSV_FILE

Options

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

CSV_FILE

Required argument

add-risk-tags

(DEPRECATED): Use code42 watchlists commands instead.

Adds risk tags to users in bulk using a CSV file with format: username,tag.

high-risk-employee bulk add-risk-tags [OPTIONS] CSV_FILE

Options

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

CSV_FILE

Required argument

generate-template

Generate the CSV template needed for bulk adding/removing users.

high-risk-employee bulk generate-template [OPTIONS] [add|remove|add-risk-
                                          tags|remove-risk-tags]

Options

-p, --path <path>

Write template file to specific file path/name.

Arguments

CMD

Required argument

remove

(DEPRECATED): Use code42 watchlists commands instead.

Bulk remove users from the high risk employees detection list using a CSV file with format username.

high-risk-employee bulk remove [OPTIONS] CSV_FILE

Options

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

CSV_FILE

Required argument

remove-risk-tags

(DEPRECATED): Use code42 watchlists commands instead.

Removes risk tags from users in bulk using a CSV file with format: username,tag.

high-risk-employee bulk remove-risk-tags [OPTIONS] CSV_FILE

Options

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

CSV_FILE

Required argument

list

(DEPRECATED): Use code42 watchlists commands instead.

Lists the employees on the High Risk Employee list.

high-risk-employee list [OPTIONS]

Options

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

-f, --format <format>

The output format of the result. Defaults to table format.

Options

TABLE | CSV | JSON | RAW-JSON

--filter <filter>

High risk employee filter options. Defaults to ALL.

Options

EXFILTRATION_24_HOURS | EXFILTRATION_30_DAYS | ALL

remove

(DEPRECATED): Use code42 watchlists commands instead.

Remove a user from the high risk employees detection list.

high-risk-employee remove [OPTIONS] USERNAME

Options

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

USERNAME

Required argument

remove-risk-tags

(DEPRECATED): Use code42 watchlists commands instead.

Disassociates risk tags from a user.

high-risk-employee remove-risk-tags [OPTIONS] USERNAME

Options

-t, --risk-tag <risk_tag>

Risk tags associated with the employee.

Options

CONTRACT_EMPLOYEE | ELEVATED_ACCESS_PRIVILEGES | FLIGHT_RISK | HIGH_IMPACT_EMPLOYEE | PERFORMANCE_CONCERNS | POOR_SECURITY_PRACTICES | SUSPICIOUS_SYSTEM_ACTIVITY

-d, --debug

Turn on debug logging.

--totp <totp>

TOTP token for multi-factor authentication.

--profile <profile>

The name of the Code42 CLI profile to use when executing this command.

Arguments

USERNAME

Required argument