Box is a data storage and file sharing platform. Cisco Cloudlock enables users to use policies to monitor content and user activity in their Box environments. For prerequisites and installation steps see Box Quick Start Setup Guide.


Cisco Cloudlock monitors Box in the following policies:

Data Loss Prevention (DLP)

User Events and Behavior Analytics (UEBA)

  • Build Your Own: Event Analysis

See UEBA for more information and a complete list of Box Events.

Response Actions

In addition to the Global Response Actions available in all platforms, Box also has two unique Response Actions:

Quarantine Users files

Moves the file to a Quarantine folder only accessible to the Box admins.

  • The box admin can add other users to the Quarantine folder access list
  • The Quarantine folder is accessible by the admins in the Content Manager section of the Box Admin Console
  • The Box admin cab approve the file to make it available or reject the file which deletes it.

Revoke File Share

Expires the URL of the file shared.

Notifying End Users of Quarantined Files

No notification is automatically sent out when a user file is quarantined. It is recommended that this response action coincides with a Notify End User by Email response action (when appropriate) to inform the end user of the violation and quarantine.

Incident Examples

Context Only Policy Incident

Context Only Policy Incident

Predefined Policy Incident

Predefined Policy Incident

Event Analysis Policy Incident

Event Analysis Policy Incident

Viewing an Object

For a DLP incident, you can click View Object in the uppermost right corner to view the file that violated the policy.

If you logged into Cisco Cloudlock with Box OAuth credentials, Cloudlock directs you immediately to an "Admin view" of the document. If you logged into Cloudlock with another OAuth account, you are directed to a Box login screen before viewing the document.

Am I added as a collaborator?

Box does not add you as a collaborator to the document when viewing it as an object.


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.