US Trends

what language does code42 use for creating IRM rules?

Code42’s Insider Risk Management (IRM) product Incydr does not use a special proprietary “rule language” like SPL or KQL; instead, IRM rules and automations are defined through the Incydr web UI and via their REST APIs, which are typically consumed using standard languages such as Python (through the py42 SDK) or command-line tooling.

Quick Scoop

For creating and managing IRM-style rules and workflows in Code42 Incydr, you generally work in two layers:

  • The Incydr SaaS UI , where you configure alert rules, risk indicators, watchlists, and response actions using point-and-click configuration rather than a text-based query language.
  • The Code42 REST APIs , which expose those configurations and events programmatically, and are most commonly accessed via:
    • Python , using the py42 library (a Python wrapper around Code42’s REST APIs).
* The **Code42 CLI** , which is built on top of the same APIs and lets you script interactions from the shell.

In other words, if you want to “create IRM rules” in a code-centric way, you typically:

  1. Use Python with py42 to call the IRM-related endpoints (for alerts, cases, and workflows).
  1. Or use the CLI , which you can embed in shell scripts or automation platforms to manage Incydr risk rules and responses.

There is no separate, documented IRM-specific domain language like “Code42QL”; instead, you define conditions and actions via the product’s configuration model and APIs, while your automation logic uses mainstream languages such as Python.

Information gathered from public forums or data available on the internet and portrayed here.