Box

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Box Events

✅

✅

box_events

NDJSON

API

Box Users

✅

box_users

NDJSON

API

Box Groups

box_groups

NDJSON

API


Overview

Box develops and markets cloud-based content management, collaboration, and file sharing tools for businesses. Integrating Box logs into Hunters allows collection and ingestion of the data, as well as leveraging the data for events and security content in the Hunters platform.

Supported data types

Box Events

Table name: box_events

Detailed records capturing security-related activities within Box, such as access changes, login attempts, file sharing, and other actions that could affect the security and compliance posture of an organization's data stored in Box. These logs are vital for monitoring, auditing, and investigating security incidents to ensure data protection and regulatory compliance.

Box Users

Table name: box_users

Box user logs from Box security detail the specific actions and activities performed by users within the Box platform, focusing on security-relevant information. This includes data access, file modifications, login attempts, and sharing activities, enabling organizations to monitor, audit, and respond to potential security incidents involving their stored data.

Box Groups

Table name: box_groups

Box groups logs from Box security involve records of activities related to the management and operation of user groups within the Box platform. These logs could include information on group creation, deletion, membership changes, permission adjustments, and access to shared content by group members, which are crucial for security oversight and compliance management.

Send data to Hunters

Hunters supports the collection of logs from Box using the API.

To connect Box logs:

  1. Configure Client Credentials Grant Authentication using this guide

  2. Retrieve the following API keys from the Box platform:

    • Enterprise ID

    • Client ID

    • Client Secret

  3. Complete the process on the Hunters platform, following this guide.

Expected format

Logs are expected in NDJSON format.

Events

{"source":{"type":"user","id":"12341","name":"User 1","login":"user1@example.com"},"created_by":{"type":"user","id":"12341","name":"User 1","login":"user1@example.com"},"action_by":null,"created_at":"2023-09-19T08:04:32-07:00","event_id":"abcd123-9fec-46a6-b827-abcd12345","event_type":"ADD_LOGIN_ACTIVITY_DEVICE","ip_address":"12.123.12.12","type":"event","session_id":null,"additional_details":null}

Users

{"type":"user","id":"12341","name":"ab1","login":"user1@example.com","created_at":"2023-09-19T08:04:29-07:00","modified_at":"2023-09-19T08:06:38-07:00","language":"en","timezone":"America\/Los_Angeles","space_amount":999999999000000,"space_used":0,"max_upload_size":53687091200,"status":"active","job_title":"","phone":"123-123123123","address":"","avatar_url":"https:\/\/aaa.example.com\/api\/fff\/vvv\/1234","notification_email":null}

Groups

{"type": "group", "id": "123456789", "name": "Testing", "group_type": "group_type1"}