Prerequisites to Configure the Box Cloud Collector

Before you configure the Box Cloud Collector, you must complete the following prerequisites:

  • Ensure that the https://*.box.com service is open for communication with the New-Scale Security Operations Platform.

  • Enable two-factor authentication.

  • Obtain the JWT JSON file by creating a Box Platform App.

  • (Optional) Enable the Box shield events to collect data.

Enable Two-factor Authentication

Before you configure the Box cloud collector, you must enable two-factor authentication for the Box account. To enable two-factor authentication:

  1. Log in to the Box account by accessing https://app.box.com/account.

  2. Navigate to Account Settings > Account > Authentication.

  3. Select Require 2-step verification to protect your account. For more information, see the Box Documentation.

  4. Enter a mobile phone number to enable the two-factor authentication and click Continue.

Obtain the JSON file by Creating a Box Platform App

Box APIs are authenticated via application keys using JSON Web Tokens (JWT) to allow server-to-server authentication. JWT uses a public/private key pair to verify the application's permissions. You must create a Box platform app to obtain the JSON file that you use while configuring the Box cloud collector.

To create a Box app:

  1. Log in to the Box developer console.

  2. On the My Platform Apps page, click Create Platform App.

  3. Select the app type Custom apps.

  4. On the Create a Custom App page, enter the details such as app name, description, purpose for creating this app, category, and name of the external system with which you are integrating the app.

    Note

    Make sure to specify the app name SkyFormation Integration to prevent any additional costs associated with API calls.

  5. In step 2, select Server Authentication (with JWT), and click Create App.

    A confirmation message informs you that the custom app has been created.

  6. In the Configuration section, ensure that the App access level is set to App + Enterprise Access.


  7. Scroll down to the Application Scopes section and, to define the permissions for the application to access data, select the Manage enterprise properties check box.

  8. Make sure that the options in the Advanced Features section are disabled. If enabled, these options would interfere with the authentication process.

  9. In the Add and Manage Public Keys section, click Generate a Public/Private Keypair to download a JSON configuration file.

    Note

    Enter the authentication code that you may get via the registered email address to complete the download process.

  10. Save the JSON configuration file and copy the data. Use this data while configuring the Box cloud collector.

  11. Click Save Changes.

  12. In the Authorization tab, click Review and Submit to submit the app to the Box administrator for authorization, and then have the Box administrator authorize the app.

    The request is submitted for the Box administrator's approval. To avoid a test connection failure, ensure that you create a request to authorize the app and that the Box administrator approves the request. The Box administrator can authorize the app by accessing the Box administrator account on https://app.box.com/account, and then navigating to Admin Console > Integrations > Platform Apps Manager.

  13. Check that the Box Account Admin user has granted the permissions that you requested for the Box Platform App.

    The Box admin user must have the Account Admin role to grant the requested access permissions. To ensure that the user has the Account Admin role, log in to the Box account by accessing https://app.box.com/account, navigate to the Account Details section, and check the username in the Admin Contact section.
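
The following is an added example, not part of this guide or of any vendor's code: a pre-flight check of the JSON configuration file downloaded in steps 9 and 10, run before its contents are pasted into the collector. The field names are an assumption based on the layout of the file Box generates for JWT apps, and the sample values are constructed; compare them against your own download.

```python
import json
import os
import stat

# Dotted paths expected in the Box JWT configuration file (assumed layout).
REQUIRED = [
    "boxAppSettings.clientID", "boxAppSettings.clientSecret",
    "boxAppSettings.appAuth.publicKeyID", "boxAppSettings.appAuth.privateKey",
    "boxAppSettings.appAuth.passphrase", "enterpriseID",
]
PEM_HEADER = "-----BEGIN ENCRYPTED PRIVATE KEY-----"

# Constructed sample with placeholder values, for trying the check offline.
SAMPLE = {
    "boxAppSettings": {
        "clientID": "example-client-id", "clientSecret": "example-secret",
        "appAuth": {"publicKeyID": "abcd1234", "passphrase": "example-pass",
                    "privateKey": PEM_HEADER + "\nEXAMPLE\n"},
    },
    "enterpriseID": "000000",
}

def _get(doc, dotted):
    """Walk a dotted path; return None if any level is missing."""
    for key in dotted.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    return doc

def check_box_jwt_config(path):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    # The file holds the client secret, private key and passphrase together,
    # so only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:o} grants group/other access; use 600")
    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except json.JSONDecodeError as exc:
        return problems + [f"not valid JSON: {exc}"]
    for field in REQUIRED:
        value = _get(doc, field)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty field: {field}")
    key = _get(doc, "boxAppSettings.appAuth.privateKey")
    if isinstance(key, str) and key.strip() and not key.lstrip().startswith(PEM_HEADER):
        problems.append("privateKey is not a passphrase-encrypted PEM block")
    return problems
```

Call `check_box_jwt_config("path/to/config.json")` on the saved file; delete or lock down any extra copies once the data is in the collector.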

Enable Box Shield Events

The Box Shield alert events provide security incident alerts such as suspicious locations, suspicious sessions, anomalous download, and malicious content. The shield alert events are produced within the enterprise event stream.

The Cloud Collector for Box consumes the enterprise event stream to collect the data from Box Shield notifications. You can configure the Box account to include Shield alerts if your Box enterprise account has the Box Shield events enabled. To collect this data, enable the Publish alert to Box Event Stream option while configuring the Box Shield rules in the Box portal. For more information, see the Box documentation.