Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Box Events | ✅ | ✅ | box_events | NDJSON | API | ||
Box Users | ✅ | box_users | NDJSON | API | |||
Box Groups | box_groups | NDJSON | API |
Overview
Box develops and markets cloud-based content management, collaboration, and file sharing tools for businesses. Integrating Box logs into Hunters allows collection and ingestion of the data, as well as leveraging the data for events and security content in the Hunters platform.
Supported data types
Box Events
Table name: box_events
Detailed records capturing security-related activities within Box, such as access changes, login attempts, file sharing, and other actions that could affect the security and compliance posture of an organization's data stored in Box. These logs are vital for monitoring, auditing, and investigating security incidents to ensure data protection and regulatory compliance.
Box Users
Table name: box_users
Box user logs detail the specific actions and activities performed by users within the Box platform, focusing on security-relevant information. This includes data access, file modifications, login attempts, and sharing activities, enabling organizations to monitor, audit, and respond to potential security incidents involving their stored data.
Box Groups
Table name: box_groups
Box group logs record activities related to the management and operation of user groups within the Box platform. These logs could include information on group creation, deletion, membership changes, permission adjustments, and access to shared content by group members, which are crucial for security oversight and compliance management.
Send data to Hunters
Hunters supports the collection of logs from Box using the API.
To connect Box logs:
1. Configure Client Credentials Grant Authentication using this guide.
2. Retrieve the following API keys from the Box platform:
   - Enterprise ID
   - Client ID
   - Client Secret
3. Complete the process on the Hunters platform, following this guide.
Expected format
Logs are expected in NDJSON format.
Events
{"source":{"type":"user","id":"12341","name":"User 1","login":"user1@example.com"},"created_by":{"type":"user","id":"12341","name":"User 1","login":"user1@example.com"},"action_by":null,"created_at":"2023-09-19T08:04:32-07:00","event_id":"abcd123-9fec-46a6-b827-abcd12345","event_type":"ADD_LOGIN_ACTIVITY_DEVICE","ip_address":"12.123.12.12","type":"event","session_id":null,"additional_details":null}
Users
{"type":"user","id":"12341","name":"ab1","login":"user1@example.com","created_at":"2023-09-19T08:04:29-07:00","modified_at":"2023-09-19T08:06:38-07:00","language":"en","timezone":"America\/Los_Angeles","space_amount":999999999000000,"space_used":0,"max_upload_size":53687091200,"status":"active","job_title":"","phone":"123-123123123","address":"","avatar_url":"https:\/\/aaa.example.com\/api\/fff\/vvv\/1234","notification_email":null}
Groups
{"type": "group", "id": "123456789", "name": "Testing", "group_type": "group_type1"}
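A way to sanity-check an export against the NDJSON shapes above before relying on it for detection, as an added example (not Hunters or Box code). The function names are hypothetical, and joining events to users on `created_by.id` is an assumption based on the matching `id` values in the samples.

```python
import json
from datetime import datetime, timezone

# Line 1 is this page's Events sample; the blank line and the truncated
# line 3 are constructed. The user record is trimmed from the Users sample.
EVENTS_NDJSON = """\
{"source":{"type":"user","id":"12341","name":"User 1","login":"user1@example.com"},"created_by":{"type":"user","id":"12341","name":"User 1","login":"user1@example.com"},"action_by":null,"created_at":"2023-09-19T08:04:32-07:00","event_id":"abcd123-9fec-46a6-b827-abcd12345","event_type":"ADD_LOGIN_ACTIVITY_DEVICE","ip_address":"12.123.12.12","type":"event","session_id":null,"additional_details":null}

{"source":{"type":"user","id":"12341"
"""
USERS_NDJSON = '{"type":"user","id":"12341","name":"ab1","login":"user1@example.com","status":"active"}\n'


def parse_ndjson(text):
    """Return (records, rejected_line_numbers); one JSON object per line."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines are tolerated, not counted as errors
        try:
            obj = json.loads(line)
            if not isinstance(obj, dict):
                raise ValueError("not a JSON object")
            records.append(obj)
        except ValueError:  # json.JSONDecodeError subclasses ValueError
            rejected.append(lineno)
    return records, rejected


def normalize_event(evt, users_by_id):
    """Flatten one event; nested objects such as created_by may be null."""
    actor = evt.get("created_by") or {}
    user = users_by_id.get(actor.get("id"), {})
    ts = datetime.fromisoformat(evt["created_at"]).astimezone(timezone.utc)
    return {
        "event_id": evt.get("event_id"),
        "event_type": evt.get("event_type"),
        "created_at_utc": ts.isoformat(),  # offsets vary; compare in UTC
        "actor_login": actor.get("login"),
        "actor_status": user.get("status", "unknown"),
        "ip_address": evt.get("ip_address"),
    }


def load(events_text, users_text):
    """Parse both feeds and enrich each event with the actor's user status."""
    users, _ = parse_ndjson(users_text)
    users_by_id = {u["id"]: u for u in users if u.get("type") == "user"}
    events, rejected = parse_ndjson(events_text)
    return [normalize_event(e, users_by_id) for e in events], rejected
```

Rejected line numbers are worth alerting on: a truncated line means a silently dropped event, which is a visibility gap rather than a parsing nuisance.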