
Code42 Insider Threat Remediation

Use the Code42InsiderThreatRemediation Pack to detect and respond to security alerts from suspicious insider activity.

The Code42 Insider Threat Remediation content pack is an integrated offering that enables security teams to scale, standardize and automate certain insider threat incident response processes based on preset triggers within Cortex XSOAR.
A common trigger includes an email sent from a human capital management (HCM) system, indicating an employee has resigned or is leaving the organization.
The content pack provides security teams with a configurable lookback of an employee’s historic file movements, including browser uploads and cloud sync activity, and then automatically generates an alert to a recipient, such as the employee's manager, for review.
This detailed information can be used to easily determine sanctioned or unsanctioned activity, speed investigations and enable security teams to take a right-sized approach to incident response.

Try Code42 Incydr at no cost for 30 days

What does this pack do?

The playbooks included in this pack handle the following use cases:

  • Investigating a departing employee for suspicious activity.
  • Automatically generating departing employees from ticketing systems.
  • Automatically attaching files from exposure activity to ticketing systems.
  • Taking action on employees when activity is reported as suspicious, such as blocking the user or adding them to legal hold.




Cortex XSOAR


Supported By: Partner
Created: January 11, 2021
Last Release: February 24, 2021

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.