
CLOUD CONNECTOR
Box
Box is a secure file sharing and collaboration platform. In addition to the base product offering, Box also
offers workflow management, security, and compliance with end-to-end data protection.
Securonix integrates with the Box API to detect account compromise, malware or viruses,
privilege escalation, data exfiltration, and suspicious account behavior events, and to provide context
enrichment for threat chaining.
Event Service/Module | Event Types | Related Threats | Use Cases/Threat Packages | Details |
---|---|---|---|---|
Access | Access Granted or Revoked, Administrator Login | Account Compromise | Identity and Access Analytics, Insider Threats | Access and login activity events |
Collaboration | Add/Invite/Remove Collaborators, Accept Collaboration Request, Comment Create/Delete | Data Exfiltration, Insider Threat | Insider Threats | File/Folder collaboration activities |
Data Retention | Data Retention Create/Delete, Retention Policy Addition | Data Exfiltration, Insider Threat | Insider Threats | Storage expiration and data retention |
Device Management | Add/Remove Device Association | Data Exfiltration, Insider Threat | Insider Threats | Events linked to access device management |
Files & Folders (Items) | Item Shared, Synced, Downloaded/Uploaded, Modified, Moved, Renamed, Previewed, Item Share Created/Unshared, Added to Trash | Data Exfiltration, Insider Threat | Insider Threats | File and folder management activities |
Folders | Folder Permissions Changed | Privilege Escalation | Insider Threats | Folder permission changes |
Groups Management | Group Creation/Edited/Deletion, Add/Edit/Remove Item, Add/Remove User to Group | Privilege Escalation | Insider Threats | User group management |
Roles | Administrator Role Change, Collaboration Role Change | Privilege Escalation | Insider Threats | User role management |
Security and Application | Enable two-factor authentication, Application Creation/Deletion, Application Public Key Shared/Deleted, User OAuth2 Authentication, Failed Login | Privilege Escalation | Insider Threats, Identity and Access Analytics | User security and application configuration changes |
Sharing | File Marked Malicious (Possible Virus), Shield Alert (Malware), Upload policy violations, Device Trust Check Failure, user session invalidated by Box, abnormal download activity | As indicated by the event | Insider Threats | Malicious activity/suspicious activity alerts |
Tasks | Task Create, Task Assign, Task Update, Task Assignment Updates | Privilege Escalation | Insider Threats | Task related events |
Terms of Service | Terms of Service Accept/Reject | As indicated by the event | Insider Threats | Events triggered when terms of service are accepted or rejected |
User Management | User Creation/Updation/Editing/Deletion, Email Alias Confirmed/Removed | Privilege Escalation | Insider Threats | User management events |
Workflow | Content workflow policy/automation addition, abnormal downloads | Privilege Escalation, Abnormal file downloads and access | Insider Threats | Workflow events |
Legal | Legal Hold Policy and Assignment Management | Suspicious File Activity, DLP (Data Loss Prevention) | Insider Threats | Legal provision linked policy and assignment events |