Box Integration Guide

The following instructions are for configuring a Box integration to facilitate log ingestion into Secureworks® Taegis™ XDR.

Data Provided from Integration

Important

To receive Box Shield alerts, your organization must have an active Box Shield subscription and have the feature enabled.

|     | Normalized Data | Out-of-the-Box Detections | Vendor-Specific Detections |
| --- | --- | --- | --- |
| Box | Auth, CloudAudit, Thirdparty | | |

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Detection Rules to generate detections based on normalized data from a data source.

Prerequisites

Configure Box

Information Required to Complete Integration

  • Enterprise ID — Your organization's unique Box instance identifier
  • Client ID — Custom App’s ID
  • Client Secret — Custom App’s Secret

Create a Custom App

  1. Log in to the Box Developer Console.
  2. Click My Platform Apps, then click Create Platform App in the top right.
  3. Click the Custom App card.
  4. Refer to the vendor’s documentation to create a Custom App. Enter the following values:
    • App Name: A descriptive string.
    • Purpose: Choose the applicable value.
  5. Choose the Server Authentication (with Client Credentials Grant) authentication method.
  6. Click the Create App button.

App Authorization

  1. Go to the Authorization tab for your application within the Developer Console.
  2. Click Review and Submit to send an email to your Box enterprise Admin for approval.

Basic Configuration

  1. Under the App access level section, choose App + Enterprise Access.
  2. Under the Application Scopes section, choose Manage Enterprise Properties. For more information, see Manage enterprise properties.
  3. Go to the General Settings tab and copy the Enterprise ID for use in a later step.
  4. Go to the Configuration tab and copy the Client ID and Client Secret from the OAuth 2.0 credentials section for use in a later step. Click Fetch Client Secret to show the Client Secret.
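
Before entering these values in XDR, you can confirm that the app has been authorized and that the scope is in place. The following Python check is an added example, not part of the vendor's or Secureworks' documentation; it requests a token from Box's public OAuth 2.0 token endpoint using the Client Credentials Grant and then reads one entry from the enterprise event stream. The environment variable names are assumptions.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.box.com/oauth2/token"
EVENTS_URL = "https://api.box.com/2.0/events?stream_type=admin_logs&limit=1"


def build_token_request(enterprise_id, client_id, client_secret):
    """Client Credentials Grant request that authenticates as the enterprise."""
    fields = {"Enterprise ID": enterprise_id, "Client ID": client_id,
              "Client Secret": client_secret}
    for name, value in fields.items():
        # Values pasted from the Developer Console often carry stray whitespace.
        if not value or value != value.strip():
            raise ValueError(f"{name} is empty or has surrounding whitespace")
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "box_subject_type": "enterprise",
            "box_subject_id": enterprise_id}
    body = urllib.parse.urlencode(form).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")


def build_events_request(access_token):
    """Request one entry from the enterprise (admin_logs) event stream."""
    return urllib.request.Request(
        EVENTS_URL, headers={"Authorization": f"Bearer {access_token}"})


def verify(enterprise_id, client_id, client_secret):
    """Return a one-line result; the secret and the token are never printed."""
    step = "token request"
    try:
        req = build_token_request(enterprise_id, client_id, client_secret)
        with urllib.request.urlopen(req, timeout=30) as resp:
            token = json.load(resp)["access_token"]
        step = "enterprise events request"
        urllib.request.urlopen(build_events_request(token), timeout=30).close()
    except (ValueError, KeyError, urllib.error.URLError) as exc:
        return f"FAILED at {step}: {exc}"
    return "OK: token issued and enterprise events are readable"


if __name__ == "__main__":
    # Hypothetical variable names; the environment keeps the secret out of argv.
    names = ("BOX_ENTERPRISE_ID", "BOX_CLIENT_ID", "BOX_CLIENT_SECRET")
    print(verify(*(os.environ.get(n, "") for n in names)))
```

A failure at the token request typically points to the copied ID or secret values or to an authorization that is still pending; a failure at the events request typically points to the application scope.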

Add Integration in XDR

  1. From the Taegis Menu, select Integrations → Cloud APIs.
  2. Select Add an Integration from the top of the page.
  3. From the Optimized tab, select Box.

    [Figure: Create a New Box integration]

  4. Enter the following values:

    • Taegis Integration Name — A unique name for your integration. It can contain any valid characters, up to a length of 100.
    • Box Enterprise ID
    • Box Client ID
    • Box Client Secret
  5. Select Done. The Cloud API Integrations page displays the successfully added Box integration.