SECOPS

PII Content Scan on New Dropbox External Share

When a file gets an external Dropbox link, it reads the file content, uses an AI classifier to detect PII or secrets.

CategorySecOps

EngineSim + Paperclip

Difficultyadvanced

Triggerwebhook

Steps6

Setup~25 min

How it runs

The automated pipeline, trigger to output.

TriggerDropbox external-link created webhookDropbox
ActionDownload shared file contentDropbox
ActionClassify content for PII and secretsOpenAI
LogicBranch on severity and public visibility
ActionPage on-call for high-severity public matchPagerDuty
OutputPost all findings to SecOps SlackSlack

What it does

This inspects what is actually inside a newly externally shared Dropbox file rather than just guessing from the filename. It downloads the content, runs an AI classifier to detect PII, credentials, or regulated data, and for high-severity public matches it pages the on-call engineer immediately while logging lower-severity finds for review.

When to use it

Use this when filename heuristics are not enough and you need true content-aware detection at the moment of external sharing, with real paging for the worst cases (a spreadsheet of SSNs or a file of API keys going public).

How it works

1A Dropbox webhook fires when an external link is created.
2Dropbox returns the file content for the shared item.
3An OpenAI classifier scores the content for PII, secrets, and regulated data with a severity level.
4A logic step branches on severity and public visibility.
5High-severity public matches page on-call via PagerDuty; all findings post to the SecOps Slack channel for the record.

Set it up

What you configure once, before turning it on.

1
Connect DropboxFiles and folders.
2
Connect OpenAIModels, embeddings, files.
3
Connect PagerDutyIncidents, on-call, escalations.
4
Connect SlackChannels, DMs, threads, mentions.
5
Set each agent's modelWe leave models unset so you pick the tier — fast + cheap, or top-quality.
6
Tune it to your dataEdit the prompts, filters, and field mappings so it matches how your team works.
7
Test, then turn it onRun once against a sample, confirm the output, then enable the trigger.

More SecOps workflows

Scheduled AWS Access-Key Age Sweep and Forced Rotation

Runs daily to find IAM access keys older than your policy threshold, deactivates the stale key, issues a fresh pair, and notifies the key owner with their replacement instructions.

Correlate Datadog WAF anomaly alert with Cloudflare evidence

When Datadog fires a WAF block-rate anomaly monitor, it pulls the matching Cloudflare firewall events, builds an evidence pack of top rules and ASNs.

Exposed-Secret Incident Triage and Remediation Agent

An agent-driven workflow that investigates a reported leaked secret end to end, decides revoke-versus-escalate, executes the rotation.

Non-Rotatable Leaked Secret to PagerDuty Escalation

Catches secret-scan hits for credentials that cannot be auto-rotated, gathers blast-radius context, and pages the on-call engineer with a step-by-step manual rotation runbook.

GitHub Secret-Scan Hit to Auto-Revoke and Rotate

When GitHub secret scanning flags a leaked credential in a repo, it auto-classifies the secret type, revokes the live key at the provider, mints a replacement.

Post-Revocation Verification and Audit Logging

After a key is revoked, it confirms the old credential actually fails, verifies the replacement works.

Browse all SecOps →

Run it inside a business

This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Software

AI Tools Startup

Ship an AI tool, distribute on every channel, watch the unit economics.

Finance

Research & Trading Desk

Governance-first research, execution, and risk — every trade on the audit trail.

Operations

Internal Operations

Runbooks, on-call, vendor management — disciplined and audited.

Browse all business templates →Solutions by industry →

Run this workflow in your colony.

14-day trial. No DevOps. No Sales call. Provisioned in under a minute.

Join the Waitlist Browse all workflows →