HomeDocumentation and Guides


Table of Contents

Box is a data storage and file sharing platform. Cisco Cloudlock enables users to use policies to monitor content and user activity in their Box environments.

For prerequisites and installation steps see Box Quick Start Setup Guide.

Monitoring Scope

Cloudlock for Box supports a monitoring scope for organizations that want to customize which users are monitored. You can configure your monitoring scope in the Platforms tab of the Settings Page by selecting the Box platform. You have the option to monitor files and activities of all users/groups, specific users/groups, or all users/groups with the exception of specific users/groups. Adding a list of domains will monitor the selected scope within those domains.

Cisco Cloudlock monitors Box in the following policies:
###Data Loss Prevention (DLP)


Shared with internal (managed) users
Users listed and added through the Box Admin Console, including when files are shared with a link to people within the organization.

Shared with external (unmanaged) users
Box accounts outside of the listed users in the Box Admin Console

Shared with a public link
Anyone with the link has access.

Shared with users outside the domain(s) specified in Settings
External users outside the home domain

Specific shares (Users and Groups; Domains and top-level domains)
Any internal or external users, groups or domains specifically listed

User Events and Behavior Analytics (UEBA)

  • Build Your Own: Event Analysis

##Response Actions
In addition to the Global Response Actions available in all platforms, Box also has two unique Response Actions:

Quarantine Users files

  • Moves the file to a Quarantine folder only accessible to the Box admins.
  • The box admin can add other users to the Quarantine folder access list
  • The Quarantine folder is accessible by the admins in the Content Manager section of the Box Admin Console
  • The Box admin can approve the file to make it available or reject the file which deletes it.
  • All collaborators will be removed and the Box account admin made the owner of the file.

Revoke File Share

Expires the URL of the file shared.

Revoke Folder Collaborators

Expires any collaborators on a folder shared externally.


Notifying End Users of Quarantined Files

No notification is automatically sent out when a user file is quarantined. It is recommended that this response action coincides with a Notify End User by Email response action (when appropriate) to inform the end user of the violation and quarantine.

##Incident Examples


Context Only Policy Incident


Context Only Policy History


Predefined Policy Incident


Event Analysis Policy Incident

View an Object

For a DLP incident, you can click View Object in the uppermost right corner to view the file that violated the policy.


If you logged into Cisco Cloudlock with Box OAuth credentials, Cloudlock directs you immediately to an "Admin view" of the document. If you logged into Cloudlock with another OAuth account, you are directed to a Box login screen before viewing the document.


Am I added as a collaborator?

Box does not add you as a collaborator to the document when viewing it as an object.