Skip to main content

Sumo Logic App for Dropbox


The Dropbox App for Sumo Logic allows you to monitor and analyze Dropbox usage data for your organization, offering insight into user activity, file access, sharing, and collaboration. This app is based on the Cloud-to-Cloud Dropbox Source, which allows Dropbox and Sumo Logic to work together seamlessly.

The Dropbox App makes it simple to import data from your Dropbox account into Sumo Logic, where you can perform real-time analysis and create dashboards to visualize key metrics. You can gather information about user activity and file access, track changes in file and folder ownership, and track collaboration across your organization.

The Dropbox App for Sumo Logic offers several useful features:

  • Monitor and analyze your Dropbox usage data in real-time.
  • Gain insights into file access, sharing, and collaboration across your organization,
  • Detect anomalous behavior and potential security threats, and customize dashboards to track key performance indicators
  • Customize dashboards to visualize important metrics and track key performance indicators.

To help you get started quickly, the app provides pre-built dashboards and searches that display important Dropbox usage metrics like top users, file access patterns, and shared files. In summary, the Dropbox App for Sumo Logic provides you with the necessary tools to monitor and analyze your organization's Dropbox usage data, giving you valuable insights into user behavior and potential security risks.

Log Types

The Dropbox App for Sumo Logic uses Team events from Dropbox to generate logs that can be used for monitoring and analysis. To access more information about the specific fields for the v2 version of Dropbox events, refer to the Migration guide, which provides a comprehensive list of available log types.

Sample Log Messages

"timestamp": "2017-08-14T06:49:20Z",
"event_category": {
".tag": "file_operations"
"actor": {
".tag": "user",
"user": {
".tag": "team_member",
"account_id": "dbid:ABCDMCvPlupS23WsLcsxD1q0I-fTX7gxRw",
"display_name": "John Smith",
"email": "",
"team_member_id": "dbmid:ABCD_JXBjElUPaMLW7XewoH7F1euVwLQceo"
"origin": {
"geo_location": {
"city": "San Francisco",
"region": "California",
"country": "US",
"ip_address": ""
"host": {
"host_id": 1000000000
"access_method": {
".tag": "end_user",
"end_user": {
".tag": "web"
"involve_non_team_member": false,
"context": {
".tag": "team_member",
"account_id": "dbid:ABCDMCvPlupS23WsLcsxD1q0I-fTX7gxRw",
"display_name": "John Smith",
"email": "",
"team_member_id": "dbmid:ABCD_JXBjElUPaMLW7XewoH7F1euVwLQceo"
"assets": [
".tag": "file",
"path": {
"contextual": "/folder/office.jpg",
"namespace_relative": {
"ns_id": "1122112231",
"file_id": "id:1111111111AAAAAAAAAAAA",
"event_type": {
".tag": "file_add",
"description":"Added files and/or folders."
"details": {
".tag": "file_add_details"

Sample Queries

Active Team Members
| json "$['actor']['.tag']","$['actor']*['.tag']","$['actor']*['account_id']","$['actor']*['display_name']","$['actor']*['email']","$['actor']*['team_member_id']","$['event_type']['.tag']","$['event_type']['description']","details.app_info.display_name", "origin.geo_location.ip_address", "","$['event_category']['.tag']","involve_non_team_member" as actor,actor_is_team_member,actor_account_id, actor_display_name, actor_email,actor_team_member_id, event_type, event_type_description, app_name,location,country, event_category,involve_non_team_member nodrop
| where actor matches"{{actor}}"
| where event_category matches"{{event_category}}"
| where country matches"{{country}}" or isNull(country)
| where involve_non_team_member matches "{{involve_non_team_member}}"
| json field=actor_email "[0]" as email nodrop
| if(isNull(email),,email) as email
| json field=actor_display_name "[0]" as name nodrop
| if(isNull(name),actor,name) as name
| json field=actor_is_team_member "[0]" as true_value_actor_is_team_member | where %"true_value_actor_is_team_member" = "team_member"
| where actor matches "*admin*" or actor matches "*user*"
| timeslice 1h
| count_distinct(actor_email) by _timeslice
| sort by _timeslice

Collecting Logs for Dropbox app

This section provides instructions for setting up Cloud-to-Cloud-Integration for Dropbox Source to create the source and use the same source category while installing the app.

Installing the Dropbox app​

This section has instructions for installing the Dropbox App for Sumo Logic.

To install the app:

  1. From the Sumo Logic navigation, select App Catalog.
  2. In the Search Apps field, search for and then select your app.
  3. Optionally, you can scroll down to preview the dashboards included with the app. Then, click Install App (sometimes this button says Add Integration).

    If your app has multiple versions, you'll need to select the version of the service you're using before installation.

  4. On the next configuration page, under Select Data Source for your App, complete the following fields:
    • Data Source. Select one of the following options:
      • Choose Source Category and select a source category from the list; or
      • Choose Enter a Custom Data Filter, and enter a custom source category beginning with an underscore. For example, _sourceCategory=MyCategory.
    • Folder Name. You can retain the existing name or enter a custom name of your choice for the app.
    • All Folders (optional). Default location is the Personal folder in your Library. If desired, you can choose a different location and/or click New Folder to add it to a new folder.
  5. Click Next.
  6. Look for the dialog confirming that your app was installed successfully.

Once an app is installed, it will appear in your Personal folder or the folder that you specified. From here, you can share it with other users in your organization. Dashboard panels will automatically start to fill with data matching the time range query received since you created the panel. Results won't be available immediately, but within about 20 minutes, you'll see completed graphs and maps.

Viewing the Dropbox Dashboards​

  • All dashboards have a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.

You can use filters to drill down and examine the data on a granular level. Filters include client country, client device type, client IP, client request host, client request URI, client request user agent, edge response status, origin IP, and origin response status.

  • Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.

Dropbox Dashboard Overview

Dropbox - Overview. This dashboard provides valuable insights on the activities of active members, uniquely linked applications, and login events. It also offers a summary of user agent activity, analyzes the distribution of all event categories within Dropbox, displays the geolocations of all events, identifies the most frequent event types within important event categories, and tracks recently added team members.

Moreover, the dashboard provides an overview of all events related to internal and external sharing within the team, including the sharing of files and folders with external domains. Overall, this dashboard offers comprehensive information about the team's activity and facilitates efficient monitoring of various important events.

File Statistics

Dropbox - File Statistics. This dashboard offers visibility into team members' file operations, including the most frequent file operations, geolocations of file operations, linked apps, and user activity. Additionally, it displays recent file operations along with associated assets.

Logins, Devices & Sessions

Dropbox - Logins, Devices & Sessions.

This dashboard provides visibility into login geolocations, including risky countries, and displays a table view of successful device links. It also presents the distribution of team-linked and user-linked apps. Additionally, the dashboard lists users with frequent device IP changes and frequent failed login attempts to monitor for potential breaches.

Team Admin Actions

Dropbox - Team Admin Actions. This dashboard displays the most frequent actions performed by administrators and provides a table view of the top active admins along with their respective countries. It also shows all recent admin activities for easy monitoring.

Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.