Threat detection alerts
If ShareFile detects unusual account activity, it will send out an email alert so admins, employee users, or client users of ShareFile can act on threats as soon as they’re detected.
Security alerts and recipients
Security alerts are sent to each persona in the given scenarios.
| Alert type | Client / Employee | ShareFile Admin | Folder owner |
|---|---|---|---|
| Unusual location alert | Y | Y | Y |
| Unusual device & location alert | Y | Y | Y |
| More than 5 failed sign-in attempts | Y | Y | |
| Malware upload | Y | Y |
Client / Employees - refers to the client and employee users who access ShareFile accounts.
ShareFile Admin - refers to the account owner or administrator of the ShareFile account.
Folder owner - refers to the employees or users with access to ShareFile accounts.
The security alert dashboard includes:
-
Alert History - A log of the past 30 days threats and their details, allowing users to review historical security events.
-
Event Timeline - A chronological list of activities and events related to the alert, providing context about what happened.
-
Affected Files or Folders - Information about the specific files or folders that may have been involved in the security event.
-
User and Location Details - Details about the user accounts, devices, and locations associated with the alert.
Employees and administrators can access the Activity and Security Alerts dashboard within the ShareFile web UI by navigating People > Browse Clients > select client name then selecting the Activity and Security Alerts tab that provides detailed information about the alert.
Activity and Security Alerts dashboard
The ShareFile Activity and Security Alerts dashboard provides a view of recent security alerts and user activity details when a security warning occurs.
The security dashboard provides a range of response actions, allowing you to proactively mitigate potential risks. Users can review folder activity, users simply need to tap on the Review folder activity button. This opens a list of all folders allowing you to select the period of time using the drop-down list. The list includes the date, time, location, and the type of action.
Email alerts
These notifications are designed to keep you informed in real-time about any unusual activities or potential threats related to your data.
-
Upon receiving an alert notification email, select the Review user activity button to review the activity.
Selecting Review user activity redirects you to your dedicated security dashboard. The security dashboard serves as a central hub for comprehensive threat analysis and response.
-
Review the items listed under the Activity and Security Alerts tab.
Within the security dashboard, you’ll have access to detailed threat information, including the nature of the alert, a chronological timeline of events, files and folder details, and specific user and location details.
Users can take actions like disabling other user’s access, resetting the user password, and removing from folder access.
Threat remediation
ShareFile offers several actions to mitigate threats. Once alerts are received, employees, clients, and administrators can use the information provided by the alerts to take action.
Roles and Actions:
Employee and client users: - upon receiving an alert can take immediate action including:
- Change Password If they receive an alert about unusual access or failed sign-in attempts, they can change their password to secure their account.
- Review Files If alerted about a malware upload, clients can review their files and delete them if necessary.
Administrators: - upon receiving a notification can take several steps to stop a threat including:
- Blocking account access Admins are able to disable access to an account and delete the user from the system.
- Limit folder access Admins can change permissions for folder access and review folder activity.
- Log the user out Admins can log a user out and reset the password or two-step verification.
- Review files Admins can review, delete, and quarantine the affected files.
Actions to take when an alert is received
-
Change your password: if you receive an alert of unusual access on your account, select Change Password to secure your account.
-
Manage Folder Permissions: if you receive an alert of unusual access on a user or client account, change the folder permissions. For more information on changing folder permissions, see Assigning folders and setting permissions.
-
User specific actions: from your ShareFile account, navigate to People > then select between Browse Employees or Browse Clients to perform the following actions if necessary:
-
Log this user out: if you receive an alert of unusual access on a user or client account, you can log the user out.
-
Delete from all the folders I own: if you receive an alert of unusual access on a user or client account, you can delete the user from all the folders you own.
-
Disable User: if you receive an alert of unusual access on a user or client account, you can disable the users account.
-
Manage notifications
NOTE:
Only ShareFile account administrators can make changes to Security alert settings.
ShareFile administrators are able to select what type of notification emails are sent to different account types. Administrators can tailor the notification settings to align the unique needs and responsibilities of each account.
Enabling notifications by Admin
If an administrator enables notifications for employees, recipients will receive alert emails regardless of their individual settings. In this scenario, even if employees have disabled notifications, they will still receive alerts per the admin’s configuration.
Disabling Notifications by Admin
If an administrator chooses to disable notifications for clients, recipients will not receive alert emails. However, if individuals have enabled notifications for themselves, they will still receive alerts. Admin overrides do not affect individual user preferences in this case.
Mutual Disabling by Admin and Employees
When an administrator disables notifications for employees and individuals on their end and also disables notifications, no alert emails will be sent. This mutual agreement makes it a seamless experience without unnecessary alerts.
Flexible Email Notification System for Security Alerts
Employee users can tailor their email notifications to their preferences. This ensures they are informed about critical security incidents without being overwhelmed by less urgent alerts.
The following information defines the user email notification preferences for security alerts customization.
-
Individual control - Each employee user can customize their email notification preferences for security alerts. They can access their settings or preferences within the system to specify which types of security alerts they want to receive via email.
-
Enable and Disable alerts - Within their settings, employee users can enable or disable specific types of email notifications. For instance, they might choose to receive email alerts for critical security incidents but disable notifications for less severe issues.
Threat alerts forwarding to internal security teams
This allows Admins to efficiently route security-related email alerts to their organization’s internal security team. This ensures prompt action and effective communication in the face of potential threats.
Alert forwarding overview
-
Email routing setup - Admins can access the Alert Preferences section within ShareFile to enable the Email Alert Routing feature. Once activated, they can specify one or more email addresses for their internal security team or distribution list to receive security-related email alerts.
-
Customization Options - Users have the flexibility to add, edit, or remove email addresses associated with the internal security team as needed. Additionally, they can customize the feature by specifying multiple email addresses for different security teams or individuals within the organization.
-
Email Format and Call to Action - Recipients will receive alerts in the same format as Admin emails within the system, providing detailed information about specific security events. This fosters a cohesive and informed response to potential threats.
ShareFile threat detection alerts FAQ
What are the threat detection alerts?
A threat detection alert is a notification that you receive when a potential security threat has been detected on your account or system. ShareFile sends alerts to keep your data and account safe.
Why am I getting these alerts?
Threat detection alerts are sent to help you protect your account and system from harm. By being aware of potential threats, you can take steps to mitigate them before they cause any damage.
The first thing to do is verify its legitimacy. Ensure that the emails are either from sharefile@sf-notifications.com or mail@sf-notifications.com.
You have to confirm that the alert is legitimate.
-
Client - Once the client receives an email, they can change the password.
-
Employee / owner - Once they receive an email, they can select the Review user activity tab within the email. You’re redirected to the dashboard, where you can take the appropriate action, depending on the nature of the threat from the dashboard.
What is the security dashboard? What actions can I take?
It’s where employees/admins can see all the alert details. It provides real-time insights into security events, threats, and vulnerabilities. Actions like disabling another user’s access, deleting the user, or resetting the user’s password are available.
What type of activities will I receive emails?
Clients, employee users, and administrators receive emails for the following types of suspicious activities:
- Unusual login from a different location
- Unusual login from different device and location
- Malware upload
- Multiple authentication failure