heroui logo

Dropbox Admin sign-in-as Session

Panther Rules

View Source
Summary
This detection rule is designed to alert security teams when an admin starts a sign-in-as session in Dropbox, allowing them to act on behalf of another user. This is significant, as such actions can lead to unauthorized access to sensitive data if not properly monitored. The rule utilizes log information from Dropbox events, specifically looking for events categorized under 'logins' related to sign-in-as session starts. The rule checks for any instance where an admin user begins a session on behalf of another team member. Alerts are generated when these events are recorded, enabling teams to investigate potential security risks associated with admin account actions. The rule operates on Dropbox logs within a defined deduplication period of 60 minutes to prevent excessive alerting for repeated actions, maintaining operational efficiency in threat management.
Categories
  • Cloud
  • Application
  • Identity Management
Data Sources
  • Cloud Service
  • Application Log
Created: 2023-04-21