Box

Introduction

Box is a data storage and file sharing platform. Cisco Cloudlock enables users to use policies to monitor content and user activity in their Box environments.

For prerequisites and installation steps see Box Quick Start Setup Guide.

Monitoring Scope

Cloudlock for Box supports a monitoring scope for organizations that want to customize which users are monitored. You can configure your monitoring scope in the Platforms tab of the Settings Page by selecting the Box platform. You have the option to monitor files and activities of all users/groups, specific users/groups, or all users/groups with the exception of specific users/groups. Adding a list of domains will monitor the selected scope within those domains.

Policies

Cisco Cloudlock monitors Box in the following policies:

Data Loss Prevention (DLP)

Exposure

Shared with internal (managed) users
Users listed and added through the Box Admin Console, including when files are shared with a link to people within the organization.

Shared with external (unmanaged) users
Box accounts outside of the listed users in the Box Admin Console

Shared with a public link
Anyone with the link has access.

Shared with users outside the domain(s) specified in Settings
External users outside the home domain

Specific shares (Users and Groups; Domains and top-level domains)
Any internal or external users, groups or domains specifically listed

User Events and Behavior Analytics (UEBA)

  • Build Your Own: Event Analysis

Response Actions

In addition to the Global Response Actions available in all platforms, Box also has two unique Response Actions:

Quarantine Users files

Moves the file to a Quarantine folder only accessible to the Box admins.

  • The box admin can add other users to the Quarantine folder access list
  • The Quarantine folder is accessible by the admins in the Content Manager section of the Box Admin Console
  • The Box admin cab approve the file to make it available or reject the file which deletes it.

Revoke File Share

Expires the URL of the file shared.

Notifying End Users of Quarantined Files

No notification is automatically sent out when a user file is quarantined. It is recommended that this response action coincides with a Notify End User by Email response action (when appropriate) to inform the end user of the violation and quarantine.

Incident Examples

Context Only Policy Incident

Context Only Policy Incident

Predefined Policy Incident

Predefined Policy Incident

Event Analysis Policy Incident

Event Analysis Policy Incident

Viewing an Object

For a DLP incident, you can click View Object in the uppermost right corner to view the file that violated the policy.

If you logged into Cisco Cloudlock with Box OAuth credentials, Cloudlock directs you immediately to an "Admin view" of the document. If you logged into Cloudlock with another OAuth account, you are directed to a Box login screen before viewing the document.

Am I added as a collaborator?

Box does not add you as a collaborator to the document when viewing it as an object.

Box


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.