Configure Box for AppFabric
Box is the leading Content Cloud, a single platform that empowers organizations to manage the entire content lifecycle, work securely from anywhere, and integrate across best-of-breed apps.
You can use AWS AppFabric to receive audit logs and user data from Box, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
AppFabric support for Box
AppFabric supports receiving user information and audit logs from Box.
Prerequisites
To use AppFabric to transfer audit logs from Box to supported destinations, you must meet the following requirements:
- To access the audit logs, you need to have an active paid subscription to Business, Business Plus, Enterprise, or Enterprise Plus plans.
- You must have a user with Admin Privileges.
- You must have 2-factor authentication enabled on your Box account for viewing and copying the application's client secret from the configuration tab.
Rate limit considerations
Box imposes rate limits on the Box API. For more
information about the Box API rate limits
Data delay considerations
You might see a delay of up to 30 minutes before an audit event is delivered to your destination. This is due to a delay in the application making audit events available, as well as precautions taken to reduce data loss. However, this may be customizable on an account level. For assistance, contact AWS Support.
Connecting AppFabric to your Box account
After you create your app bundle within the AppFabric service, you need to authorize AppFabric with Box. To find the information required to authorize Box with AppFabric, use the following steps.
Create an OAuth application
AppFabric integrates with Box using OAuth. Use the following steps to create an OAuth application in Box. For more information, see Creating an OAuth App.
- Log in to Box and go to the Developer Console.
- Choose Create New App.
- Choose Custom App from the list of application types. A modal will appear to prompt a selection for the next step.
- Enter an app name and description.
- Choose Integration from the Purpose dropdown list.
- Choose Security & Compliance from the Categories dropdown list.
- Enter AWS AppFabric Secure in the Which external system are you integrating with? text box.
- Choose Server Authentication (Client Credentials Grant) if you would like to verify application identity with a client ID and client secret.
- Choose Create App.
- Choose the Configuration tab.
- In the App Access Level section of the page, choose App + Enterprise Access.
- In the Application Scopes section of the page, choose Manage users and Manage enterprise properties.
- Choose Save Changes.
A Box Admin needs to authorize the application within the Box Admin Console before the application can be used. Complete the following steps to request an authorization.
- Choose the Authorization tab for your application within the Developer Console.
- Choose Review and Submit to send an email to your Box enterprise Admin for approval. For more information, see Authorization in the Box guide.
  Note: You must re-submit your app if any changes are made after submission.
Required scopes
The following application scopes are required. For more information about scopes, see Scopes.
- Manage enterprise properties (manage_enterprise_properties)
- Manage users (manage_managed_users)
App authorizations
Tenant ID
AppFabric will request a tenant ID. The tenant ID in AppFabric is the Box Enterprise ID. The Box Enterprise ID can be found in the admin console under Account & Billing > Account Information > Enterprise ID. For more information, see Enterprise ID.
Tenant name
Enter a name that identifies this unique Box organization. AppFabric uses the tenant name to label the app authorizations and any ingestion created from the app authorization.
Client ID and client secret
- Log in to Box and go to the Developer Console.
- Choose My Apps in the navigation menu.
- Choose the OAuth application that you use to connect AppFabric.
- Choose the Configuration tab.
- Scroll to the OAuth 2.0 Credentials section of the page.
- Enter the client ID from your OAuth Client Id into the Client ID field in AppFabric.
- Choose Fetch Client Secret.
- Enter the client secret from your OAuth Client Secret into the Client Secret field in AppFabric.
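The values gathered above (tenant ID, tenant name, client ID, client secret) and the required scopes can be checked before they are submitted. The following Python sketch is an added example, not code from AWS or Box: it validates the values, flags scope drift against the two required scopes, and builds parameters for the AppFabric CreateAppAuthorization API through boto3. The app name "BOX", the numeric format of the Enterprise ID, the helper names, and all sample values are assumptions.

```python
import copy
import re

# Scopes this page lists as required for the Box OAuth app.
REQUIRED_SCOPES = {"manage_enterprise_properties", "manage_managed_users"}

def scope_drift(configured):
    """Compare the scopes enabled on the Box app with the two required ones."""
    configured = set(configured)
    return {"missing": sorted(REQUIRED_SCOPES - configured),
            "extra": sorted(configured - REQUIRED_SCOPES)}

def build_request(app_bundle_arn, enterprise_id, tenant_name, client_id, client_secret):
    """Build CreateAppAuthorization parameters from the values gathered above."""
    # Assumption: Box Enterprise IDs are purely numeric.
    if not re.fullmatch(r"\d+", enterprise_id):
        raise ValueError("tenant ID must be the numeric Box Enterprise ID")
    if not tenant_name.strip():
        raise ValueError("tenant name must not be empty")
    for label, value in (("client ID", client_id), ("client secret", client_secret)):
        # Guard against whitespace picked up when copying from the console.
        if not value or re.search(r"\s", value):
            raise ValueError(f"{label} is empty or contains whitespace")
    return {
        "appBundleIdentifier": app_bundle_arn,
        "app": "BOX",  # assumption: AppFabric's app name for Box
        "authType": "oauth2",
        "tenant": {"tenantIdentifier": enterprise_id,
                   "tenantDisplayName": tenant_name.strip()},
        "credential": {"oauth2Credential": {"clientId": client_id,
                                            "clientSecret": client_secret}},
    }

def redacted(request):
    """Copy of the request that is safe to log: the client secret is masked."""
    safe = copy.deepcopy(request)
    safe["credential"]["oauth2Credential"]["clientSecret"] = "***"
    return safe

def submit(request):
    """Send the request; needs boto3 and AWS credentials, so it is not run here."""
    import boto3
    return boto3.client("appfabric").create_app_authorization(**request)

if __name__ == "__main__":
    # Constructed sample values, not real identifiers or credentials.
    req = build_request("arn:aws:appfabric:us-east-1:111122223333:appbundle/EXAMPLE",
                        "1234567", "Example Corp Box", "exampleclientid", "examplesecret")
    print(redacted(req))
    print(scope_drift(["manage_managed_users", "root_readwrite"]))
```

Log only the output of redacted(), and treat any entry under "extra" as a prompt to remove that scope from the Box app before it is submitted for authorization.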