Box is a secure file sharing and collaboration platform. In addition to the base product offering, Box also
offers workflow management, security, and compliance with end-to-end data protection.

Securonix integrates with the Box API in order to detect account compromise, malware or viruses,
privilege escalation, data exfiltration and suspicious account behavior events, as well as for context
enrichment for threat chaining.

Event Service/Module Event Types Related Threats Use Cases/Threat Packages Details
Access Access Granted or Revoked, Administrator Login Account Compromise Identity and Access Analytics, Insider Threats Access and login activity events
Collaboration Add/Invite/Remove Collaborators, Accept Collaboration Request, Comment Create/Delete Data Exfiltration, Insider Threat Insider Threats File/Folder collaboration activities
Data Retention Data Retention Create/Delete, Retention Policy Addition Data Exfiltration, Insider Threat Insider Threats Storage expiration and data retention
Device Management Add/Remove Device Association Data Exfiltration, Insider Threat Insider Threats Events linked to access device management
Files & Folders (Items) Item Shared, Synced, Downloaded/Uploaded, Modified, Moved, Renamed, Previewed, Item Share Created/Unshared, Added to Trash Data Exfiltration, Insider Threat Insider Threats File and folder management activities
Folders Folder Permissions Changed Privilege Escalation Insider Threats Folder permission changes
Groups Management Group Creation/Edited/Deletion, Add/Edit/Remove Item, Add/Remove User to Group Privilege Escalation Insider Threats User group management
Roles Administrator Role Change, Collaboration Role Change Privilege Escalation Insider Threats User role management
Security and Application Enable two-factor authentication, Application Creation/Deletion, Application Public Key Shared/Deleted, User OAuth2 Authentication, Failed Login Privilege Escalation Insider Threats, Identity and Access Analytics User security and application configuration changes
Sharing File Marked Malicious (Possible Virus), Shield Alert (Malware), Upload policy violations, Device Trust Check Failure, user session invalidated by Box, abnormal download activity As indicated by the event Insider Threats Malicious activity/suspicious activity alerts
Tasks Task Create, Task Assign, Task Update, Task Assignment Updates Privilege Escalation Insider Threats Task related events
Terms of Service Terms of Service Accept/Reject As indicated by the event Insider Threats Events triggered when terms of service are accepted or rejected

User Creation/Updation/Editing/Deletion, Email Alias Confirmed/Removed
Privilege Escalation Insider Threats User management events
Workflow Content workflow policy/automation addition, abnormal downloads Privilege Escalation, Abnormal file downloads and access Insider Threats Workflow events
Legal Legal Hold Policy and Assignment Management Suspicious File Activity, DLP (Data Loss Prevention)
Insider Threats
Legal provision linked policy and assignment events