Box
The JSA DSM for Box collects enterprise events from a Box enterprise account.
The following table describes the specifications for the Box DSM:
Specification |
Value |
---|---|
Manufacturer |
Box |
DSM name |
Box |
RPM file name |
DSM-BoxBox-JSA_version-build_number.noarch.rpm |
Supported versions |
N/A |
Protocol |
Box REST API |
Event format |
JSON |
Recorded event types |
Administrator and enterprise events Box Shield Alerts |
Automatically discovered? |
No |
Includes identity? |
Yes |
Includes custom properties? |
No |
More information |
For more information, see the Box link to the public site website (https://www.box.com/home). |
To integrate Box with JSA, complete the following steps:
-
If automatic updates are not enabled, download and install the most recent version of the following RPMs from the Juniper Downloads onto your JSA Console:
-
Protocol Common RPM
-
Box REST API Protocol RPM
-
Box DSM RPM
-
-
Configure your Box Enterprise account for API access. For more information, see your Box documentation (https://docs.box.com/docs/configuring-box-platform).
The following table describes the parameters that require specific values for Box event collection:
Table 2: Box Log Source Parameters Parameter
Value
Log Source type
Box
Protocol Configuration
Box REST API
Client ID
Generated in the OAuth2 parameters pane of the Box administrator configuration.
Client Secret
Generated in the OAuth2 parameters pane of the Box administrator configuration.
Key ID
Generated in the Public Key Management pane after you submit the public key.
Enterprise ID
Used for access token request.
Private Key File Name
The private key file name in the /opt/qradar/conf/trusted_certificates/box/ directory in JSA.
Use Proxy
If JSA accesses the Box API by using a proxy, select the Use Proxy check box.
If the proxy requires authentication, configure the Proxy Server, Proxy Port, Proxy Username, and Proxy Password fields.
If the proxy does not require authentication, configure the Proxy Server and Proxy Port fields.
Automatically Acquire Server Certificate(s)
Select Yes for JSA to automatically download the server certificate and begin trusting the target server.
EPS Throttle
The maximum number of events per second.
The default is 5000.
Recurrence
The time interval between log source queries to the Box API for new events. The time interval can be in hours (H), minutes (M), or days (D).
The default is 10 minutes.