Skip to main content

Code42 Event Collector

This Integration is part of the Code42 Pack.#

Supported versions

Supported Cortex XSOAR versions: 8.4.0 and later.

Code42 Insider Risk software solutions provide the right balance of transparency, technology and training to detect and appropriately respond to data risk. Use the Code42EventCollector integration to fetch file events and audit logs.

Configure Code42 Event Collector on Cortex XSIAM#

  1. Navigate to Settings > Configurations > Data Collection > Automation & Feed Integrations.

  2. Search for Code42 Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    Server URL (e.g.,, see help section)True
    API Client IDTrue
    API Client SecretTrue
    Maximum number of file events per fetchTrue
    Maximum number of audit events per fetchTrue
    Trust any certificate (not secure)False
  4. Click Test to validate the URLs, token, and connection.

Code42 Event Collector Authentication#

Code42 API uses the OAuth 2.0 protocol for authentication and authorization.

The domain used for making API requests can be determined using the domain you use to log in to the Code42 console.

Console DomainAPI Domain

For each request sent to the API, a bearer token will be requested to authenticate your action. The bearer token should be renewed each 15 minutes. This is done automatically by the integration.

You can retrieve your API credentials by following the instructions in the Code 42 documentation.

Code42 Event Collector Rate Limits#

The Code42 API can handle up to 120 requests per minute. After that the API will start to decline client's requests.

The integration with the default configuration should not raise any rate-limits.

Code42 Event Collector Required Scopes#

To use the Code42 Event Collector, make sure you have the correct product plan which must include full Code42 API access.


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.


Manual command to get events, used mainly for debugging

Base Command#



Argument NameDescriptionRequired
start_dateStarting time from which to get events.Required
end_dateTime until when to get events.Required
limitThe maximum number of events to return. Default is 100.Required
event_typeThe type of event to return. Possible values are: audit-logs, file-events.Required

Context Output#

There is no context output for this command.