Skip to main content


Download With Dependencies

The Code42 INCYDR integration accelerates insider threat incident response and remediation procedures for potential data exfiltration across computers, email, cloud and SaaS apps.

Code42 integrates with Palo Alto Networks Cortex XSOAR to provide accelerated incident response and automated remediation to potential file exfiltration from insiders happening across endpoints, email, cloud and SaaS applications. The Code42 exfiltration playbook in Cortex XSOAR investigates potential file exfiltration and provides fast access to file events and metadata across physical and cloud environments.

Code42 together with Cortex XSOAR enables security teams to scale, standardize and accelerate their overall incident response process for Insider Risk, so they can quickly detect and respond to data risk when employees or temporary workers leave your organization.

  • Identify potential data exfiltration and insider risk, while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments.
  • Accelerate and standardize incident escalation workflows for insider threats throughout the employee lifecycle.
  • Automate steps within the employee offboarding process by triggering a configurable lookback of an employee’s historic file movements for manager review.
  • Right-size response to insider risk at scale, whether that be through automated action, alerting the employee’s manager for corrective conversation, or placing a user on legal hold.
  • Remotely add employees to, or remove employees from, Code42 watchlists or to legal hold from within Cortex XSOAR.
  • Leverage hundreds of Cortex XSOAR third-party product integrations to coordinate response across security functions based on insights from Code42.




Cortex XSOARCortex XSIAM


CertificationRead more
Supported ByPartner
CreatedAugust 2, 2020
Last ReleaseMarch 27, 2023

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.