Enable Cloud Malware Protection for Box Tenants

Suggest Edits

Umbrella supports Cloud Malware protection for all files within your Box deployment.

Prerequisites
Limitations
Verify Box Application Settings
Authorize a Tenant
Edit a Tenant
Revoke Authorization

Prerequisites

Full admin access to the Umbrella dashboard. See Manage User Roles.
The person performing the installation must be a Box Admin (not Co-Admin)
Chrome or Firefox (recommended) with pop-up blockers and ad blockers disabled (only for the duration of authorization)
Published and unpublished applications must be enabled in the Box Admin Console (see Verify Box Application Settings.

Limitations

A tenant that fails to authenticate cannot be deleted.
Umbrella attempts to quarantine a file will fail if actions on the file have been blocked by settings in Box Shield policies. In such a case, the block placed by Box takes precedence over Umbrella’s ability to detect or remediate DLP violations or malware.

Verify Box Application Settings

Log into the Box Admin Console.
Navigate to Settings (the Gear icon) > Enterprise Settings > Apps.
In the Global App Settings section:

Do not check: Disable published third party apps by default.

Check: Require web app integrations to use secure connections (SSL).

Click Save.

Authorize a Tenant

Navigate to Admin > Authentication.
In the SaaS API Platforms section, click to expand Box.

In the Cloud Malware section, click Authorize New Tenant to add a Box tenant to your Umbrella environment.
In the Box Authorization dialog box, check the checkbox to verify you meet the prerequisites and then click Next.

Add a Tenant Name and then click Next.

Select a Response Action for Umbrella to apply to Box files found with malware and then click Next.

Choose Monitor to cause Umbrella to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.

Choose Quarantine to:

Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Box admin.

Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.

Click Next to be redirected to the Box login page.

You are redirected to Umbrella and a message appears showing the integration was successful. It may be up to 24 hours for the integration to be confirmed and appear as Authorized.

Click Done to complete.

Edit a Tenant

You can change the Response Action you have selected for a tenant.

Navigate to Admin > Authentication.
In the SaaS API Platforms section, click Box.
In the Cloud Malware section , from the Edit column, click Edit. You can edit any tenant.

Select a Response Action for Umbrella to apply to Box files found with malware and then click Next.
- Choose Monitor to cause Umbrella to log files detected with malware. You will be able to manually quarantine these files from the Cloud Malware report.
- Choose Quarantine to:
- Move the file into a folder named Cisco_Quarantine_Malware in the root path of the admin who authorized the tenant, remove all collaborators, and change the file owner to the Box admin.
- Replace the file in its original location with a text file named filename.ppt_Cisco_Quarantined.txt explaining to the original file owner that the file is identified as malware and for more information to contact their organization administrator.
Click Next.

The new Response Action is displayed.

Revoke Authorization

From the Action column, click Revoke. You can revoke any authorized tenant.

Click Revoke. The selected account is no longer authorized.

Enable Cloud Malware Protection for Azure Tenants< Enable Cloud Malware Protection for Box Tenants > Enable Cloud Malware Protection for Dropbox Tenants

Updated about 2 months ago