Threat detection alerts
If ShareFile detects unusual account activity, it will send out an email alert so admins, employee users, or client users of ShareFile can act on threats as soon as they’re detected.
Security alerts and recipients
Security alerts are sent to each persona in the given scenarios.
|Alert type||Client / Employee||ShareFile Admin||Folder owner|
|Unusual location alert||Y||Y||Y|
|Unusual device & location alert||Y||Y||Y|
|More than 5 failed sign-in attempts||Y||Y|
Client / Employees - refers to the client and employee users who access ShareFile accounts.
ShareFile Admin - refers to the account owner or administrator of the ShareFile account.
Folder owner - refers to the employees or users with access to ShareFile accounts.
The security alert dashboard includes:
Alert History - A log of threats from the past 30 days and their details, allowing users to review historical security events.
Event Timeline - A chronological list of activities and events related to the alert, providing context about what happened.
Affected Files or Folders - Information about the specific files or folders that may have been involved in the security event.
User and Location Details - Details about the user accounts, devices, and locations associated with the alert.
Employees and administrators can access the Activity and Security Alerts dashboard within the ShareFile web UI by navigating to People > Browse Clients, selecting the client name, and then selecting the Activity and Security Alerts tab, which provides detailed information about the alert.
Activity and Security Alerts dashboard
The ShareFile Activity and Security Alerts dashboard provides a view of recent security alerts and user activity details when a security warning occurs.
The security dashboard provides a range of response actions, allowing you to proactively mitigate potential risks. To review folder activity, tap the Review folder activity button. This opens a list of all folders, where you can select the period of time using the drop-down list. The list includes the date, time, location, and the type of action.
These notifications are designed to keep you informed in real-time about any unusual activities or potential threats related to your data.
Upon receiving an alert notification email, select the Review user activity button to review the activity.
Selecting Review user activity redirects you to your dedicated security dashboard. The security dashboard serves as a central hub for comprehensive threat analysis and response.
Review the items listed under the Activity and Security Alerts tab.
Within the security dashboard, you’ll have access to detailed threat information, including the nature of the alert, a chronological timeline of events, files and folder details, and specific user and location details.
Users can take actions like disabling another user’s access, resetting the user’s password, and removing the user from folder access.
ShareFile offers several actions to mitigate threats. Once alerts are received, employees, clients, and administrators can use the information provided by the alerts to take action.
Roles and Actions:
Employee and client users: upon receiving an alert, they can take immediate action, including:
- Change Password: If they receive an alert about unusual access or failed sign-in attempts, they can change their password to secure their account.
- Review Files: If alerted about a malware upload, clients can review their files and delete them if necessary.
Administrators: upon receiving a notification, they can take several steps to stop a threat, including:
- Blocking account access: Admins are able to disable access to an account and delete the user from the system.
- Limit folder access: Admins can change permissions for folder access and review folder activity.
- Log the user out: Admins can log a user out and reset the password or two-step verification.
- Review files: Admins can review, delete, and quarantine the affected files.
Actions to take when an alert is received
Change your password: if you receive an alert of unusual access on your account, select Change Password to secure your account.
Manage Folder Permissions: if you receive an alert of unusual access on a user or client account, change the folder permissions. For more information on changing folder permissions, see Assigning folders and setting permissions.
User-specific actions: from your ShareFile account, navigate to People, then select either Browse Employees or Browse Clients to perform the following actions if necessary:
Log this user out: if you receive an alert of unusual access on a user or client account, you can log the user out.
Delete from all the folders I own: if you receive an alert of unusual access on a user or client account, you can delete the user from all the folders you own.
Disable User: if you receive an alert of unusual access on a user or client account, you can disable the user’s account.
ShareFile administrators are able to select what type of notification emails are sent to different account types. Administrators can tailor the notification settings to align with the unique needs and responsibilities of each account.
ShareFile threat detection alerts FAQ
A threat detection alert is a notification that you receive when a potential security threat has been detected on your account or system. ShareFile sends alerts to keep your data and account safe.
Threat detection alerts are sent to help you protect your account and system from harm. By being aware of potential threats, you can take steps to mitigate them before they cause any damage.
The first thing to do is verify its legitimacy. Ensure that the emails are either from
You have to confirm that the alert is legitimate.
Client - Once the client receives an email, they can change the password.
Employee / owner - Once they receive an email, they can select the Review user activity tab within the email. You’re redirected to the dashboard, where you can take the appropriate action, depending on the nature of the threat from the dashboard.
It’s where employees/admins can see all the alert details. It provides real-time insights into security events, threats, and vulnerabilities. Actions like disabling another user’s access, deleting the user, or resetting the user’s password are available.
Clients, employee users, and administrators receive emails for the following types of suspicious activities:
- Unusual login from a different location
- Unusual login from a different device and location
- Malware upload
- Multiple authentication failures