Security alerts for Dropbox Business

Security alerts is a feature available to Dropbox Business teams on an Enterprise plan. With security alerts, admins receive email notifications whenever suspicious behavior, risky activity, or potential data leaks are detected.

View alert details

You can view details about a specific alert, including who is responsible, what happened, when it happened, and what files, folders, or people were impacted. 

To view alert details from an email you received about the alert, click Open alert directly from the email. 

To view alert details on dropbox.com:

  1. Sign in to dropbox.com with your admin credentials.
  2. Click Admin console.
  3. Click Security.
  4. Click Alerts.
  5. Click “…” (ellipsis) next to the alert you’d like to view.
  6. Click Open alert details.

Take action on an alert

From the alert details page, you can take the following actions:

  • Restore in activity page - If you were sent a Mass deletion alert, this will take you to the activity page where you can restore the deleted files.
  • Email team member - This will allow you to email the team member who triggered the alert.
  • Suspend team member - This will suspend the team member responsible for the alert.
  • Acknowledge - This will mark the alert as acknowledged and remove it from the main alerts list.
  • In Progress - This will mark the alert as in progress and remove it from the main alerts list.
  • Resolved - This will mark the alert as resolved and remove it from the main alerts list.
  • Dismissed - This will mark the alert as dismissed and remove it from the main alerts list.

What kinds of events trigger an alert?

  • Mass deletion - A team member deleted an unusually large amount of data over a short period of time.
  • Mass data move - A team member moved an unusually large amount of data over a short period of time.
  • Sensitive content shared externally - A team member shared a file labeled as personal information outside of your team.
  • Malware shared from outside your team - Someone outside your team shared a malware file with team members.
  • Malware shared with your team - A team member shared a file containing malware.
  • Too many sign-in attempts - A team member tried to sign in unsuccessfully too many times.
  • Sign-in from a high-risk country - A team member signed in from a location that could be considered high-risk. This includes sign-ins from the following countries: Afghanistan, China, Cuba, Democratic People's Republic of Korea, Islamic Republic of Iran, Libya, Nigeria, Sudan, Syrian Arab Republic, and Yemen.

Set alert sensitivity

If you’re getting too many alerts, you can change the sensitivity of Mass deletion and Mass move alerts. To set alert sensitivity:

  1. Sign in to dropbox.com with your admin credentials.
  2. Click Admin console.
  3. Click Security.
  4. Click Alert policies.
  5. Click the “…” (ellipsis) next to the alert you’d like to change.
  6. Next to Alert sensitivity, select your preferred alert sensitivity level.
  7. Click Save.

Manage alert notifications

To change who receives notifications about a type of alert:

  1. Sign in to dropbox.com with your admin credentials.
  2. Click Admin console.
  3. Click Security.
  4. Click Alert policies.
  5. Click the “…” (ellipsis) next to the alert you’d like to change.
  6. Next to Notifications, select either All team admins or Specific team admins / groups.
  7. Click Save.

Turn alerts off or on

By default, all alert types are turned on. To turn alerts off or on:

  1. Sign in to dropbox.com with your admin credentials.
  2. Click Admin console.
  3. Click Security.
  4. Click Alert policies.
  5. Click the “…” (ellipsis) next to the alert type you’d like to turn on or off.
  6. Next to General information, toggle the alert on or off. 
  7. Click Save.