- Supported Cloud Connectors
- Armis Cloud Connector
- AWS Cloud Connector
- AWS Multi-Tenant Cloud Connector
- Azure Cloud Connector
- Azure Cloud Connector Overview
- Azure Audit Source and Event Support
- Prerequisites to Configure the Azure Cloud Connector
- Configure the Azure Cloud Connector
- Collect EventHub Information for Azure EventHub Endpoints
- Collect all Microsoft Defender ATP Events
- Configure Azure to Monitor Security Center Events in Azure VMs
- Bitglass Cloud Connector
- Box Cloud Connector
- Centrify Cloud Connector
- Cisco AMP for Endpoints Cloud Connector
- Cisco Meraki Cloud Connector
- Cisco Umbrella Cloud Connector
- Citrix ShareFile Cloud Connector
- Cloudflare Cloud Connector
- Code42 Incydr Cloud Connector
- CrowdStrike Falcon Cloud Connector
- Cybereason Cloud Connector
- CylanceProtect Cloud Connector
- Dropbox Business Cloud Connector
- Duo Security Cloud Connector
- Egnyte Cloud Connector
- Fidelis Cloud Connector
- GitHub Cloud Connector
- Google Cloud Platform (GCP) Cloud Connector
- Google Cloud Pub/Sub Cloud Connector
- Google Workspace (Formerly G Suite) Cloud Connector
- LastPass Enterprise Cloud Connector
- Mimecast Email Security Cloud Connector
- Netskope Cloud Connector
- Office 365 Cloud Connector
- Okta Cloud Connector
- OneLogin Cloud Connector
- Palo Alto Networks SaaS Security Cloud Connector
- Ping Identity Cloud Connector
- Proofpoint Cloud Connector
- Rapid7 InsightVM Cloud Connector
- Salesforce Cloud Connector
- SentinelOne Cloud Connector
- ServiceNow Cloud Connector
- Slack App Cloud Connector
- Slack Classic App Cloud Connector (Formerly known as Slack Enterprise Grid Cloud Connector)
- Snowflake Cloud Connector
- Sophos Central Cloud Connector
- Symantec CloudSOC Cloud Connector
- Symantec Endpoint Protection (SEP) Mobile Cloud Connector
- Symantec Email Security.cloud Cloud Connector
- Symantec WSS Cloud Connector
- Tenable.io Cloud Connector
- VMware Carbon Black Cloud Endpoint Standard Cloud Connector
- Workday Cloud Connector
- Zoom Cloud Connector
- Custom Cloud Connector
- Webhook Cloud Connector
Box Cloud Connector
Box is a cloud service that offers secure online file sharing and content management and collaboration solutions for enterprise environments. Box offers document management for users to store, share, and collaborate on files and documents. The Box platform makes content accessible, sharable, and storable in any format from any device and lets enterprises securely access and manage critical information in the cloud. For more information see the Box documentation.
Prerequisites to Configure the Box Connector
The following table displays the audit source API and security events supported by the connector.
Audit Source: API | Service or Module Covered | Event Types | Event Included |
|---|---|---|---|
Files and folders | File/folder synced, file downloaded/uploaded, watermark created/deleted, file/folder viewed/previewed, file/folder deleted/moved/copied/renamed, file locked, file/folder comment added/deleted | Events related to file and folder management activities | |
Folder ACL | Folder permissions changed | Events related to permission changes on folders | |
Access | Login success/failed, login on behalf of, admin login, user logged-in from a new device | Events related to access and login activities | |
Users management | User created, user deleted, user updated, email alias confirmed/removed | Events related to user management | |
Groups management | Group created, group deleted, user added to group, user removed from group | Events related to groups’ management | |
Roles | |||
Collaboration | Collaborator added to folder, collaborator role changed, collaborator invite sent | Events related to folder collaboration activities | |
Sharing | File/folder un/shared, file/folder enabled/disabled for sharing | Events related to file/folder sharing | |
Security settings | Two-factor authentication enabled by user, user become managed user, app public key added/deleted | Events related to security settings changes in user or system scope | |
Tasks | Task created and task assigned | Events related to tasks | |
Device Management | Device association added/removed | Events related to tasks | |
Folder ACL | Folder permissions changed | Events related to permission changes on folders | |
Data retention | Set file auto delete, data retention created/removed, retention policy un/assigned | Events related to storage expiration and data retention | |
Workflow | Content workflow policy added, workflow automation added etc | Events related to workflows | |
Security alerts | Suspicious locations, Suspicious sessions, Anomalous download, Malicious content |
Before you configure the Box connector you must complete the following prerequisites:
Ensure that the https://*.box.com service is open for communication with the Exabeam Cloud Connector platform.
Enable two-factor authentication.
Obtain the application key by creating a Box app.
(Optional) Enable the Box shield events to collect data .
Enable Two-factor Authentication
Before you configure the Box connector, you must enable two-factor authentication for the Box account. To enable two-factor authentication:
Log in to the Box account by accessing https://app.box.com/account.
Navigate to Account Settings > Account > Authentication.
Select Require 2-step verification to protect your account. For more information, see the Box Documentation.
Enter a mobile phone number to enable the two-factor authentication and click Continue.
Obtain the Application Key by Creating a Box App
Box APIs are authenticated via application keys using JSON Web Tokens (JWT) to allow server-to-server authentication. JWT uses a public key pair to verify the application's permissions. You must create a Box app to obtain the public key to use while configuring the Box connector.
To create a Box app:
Log in to the Box developer console.
Click Create New App.
Click Enterprise Integration.
Select OAuth 2.0 with JWT (Server Authentication) and click Next.
Specify the name
SkyFormation Integrationfor the app and click Create App.Note
Make sure to specify the app name to prevent any additional costs associated with API calls.
Click View Your App.
In the Application Access section, select Enterprise.
To define the permissions for the application to access data: in the Application Scopes section, select the check boxes for Manage Users, Manage Groups, and Manage enterprise properties.
Make sure that the options in the Advanced Features section are disabled. If enabled, these options would interfere with the authentication process.
Click Save Changes.
In the Add and Manage Public Keys section, click Generate a Public/Private Keypair and download a JSON configuration file.
Save the JSON configuration file and copy the data. You will use this data to configure the Cloud Connector for Box.
Check that the Box Account Admin user has granted the permissions that you requested for the Box Enterprise App. The Box admin user must have the Account Admin role to grant the requested access permissions. To ensure that the user has the Account Admin role, log in to the Box account by accessing https://app.box.com/account, and navigate to the Account Details section and check the username in the Admin Contact section.
Note
To avoid test connection failure, ensure that you create a request to authorize the app via App Settings, and get the request approved by accessing admin console, using the Box administrator account.
Enable Box Shield Events
The Box Shield alert events provide security incident alerts such as suspicious locations, suspicious sessions, anomalous download, and malicious content. The shield alert events are produced within the enterprise event stream.
The Exabeam Cloud Connector for Box consumes the enterprise event stream to collect the data from Box Shield notifications. You can configure the Box account to include shield alerts if your Box enterprise account has the Box shield events enabled. To collect this data, enable the Publish alert to Box Event Stream option while configuring the Box shield rules in the Box portal. For more information see the Box documentation.
To configure the Box connector to import data into the Exabeam Cloud Connector platform:
Complete thePrerequisites to Configure the Box Connector.
Log in to the Exabeam Cloud Connectors platform with your registered credentials.
Navigate to Settings > Accounts > Add Account.
Click Select Service to Add, then select Box from the list.
In the Accounts section, enter the required information.
Account Name – Specify a name for the Box connector. For example, Box file sharing and content management.
Description – (Optional) Provide a description for the Box connector. For example, Box, a cloud service for secure file sharing and content management.
Jwt-Json – Paste the data that you copied from the JSON configuration file that you obtained while completing prerequisites.
Note
Required fields are indicated with a red bar.
To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows
OK.