Box is a data storage and file sharing platform. Cisco Cloudlock enables users to use policies to monitor content and user activity in their Box environments. For prerequisites and installation steps see Box Quick Start Setup Guide.
Cisco Cloudlock monitors Box in the following policies:
- Build Your Own: Context Only
- Build Your Own: Custom Regex
- Build Your Own: Event Analysis
See UEBA for more information and a complete list of Box Events.
In addition to the Global Response Actions available in all platforms, Box also has two unique Response Actions:
Moves the file to a Quarantine folder only accessible to the Box admins.
- The box admin can add other users to the Quarantine folder access list
- The Quarantine folder is accessible by the admins in the Content Manager section of the Box Admin Console
- The Box admin cab approve the file to make it available or reject the file which deletes it.
Expires the URL of the file shared.
Notifying End Users of Quarantined Files
No notification is automatically sent out when a user file is quarantined. It is recommended that this response action coincides with a Notify End User by Email response action (when appropriate) to inform the end user of the violation and quarantine.
Context Only Policy Incident
Predefined Policy Incident
Event Analysis Policy Incident
For a DLP incident, you can click View Object in the uppermost right corner to view the file that violated the policy.
If you logged into Cisco Cloudlock with Box OAuth credentials, Cloudlock directs you immediately to an "Admin view" of the document. If you logged into Cloudlock with another OAuth account, you are directed to a Box login screen before viewing the document.
Am I added as a collaborator?
Box does not add you as a collaborator to the document when viewing it as an object.