Box Shield Add-on for Splunk

This app is no longer supported, and will not be updated moving forward. We would suggest utilizing the Splunk built and supported integration for ingesting Box events that can be found here - https://splunkbase.splunk.com/app/2679/ ---- Box Shield is Box's native security offering that helps prevent data leakage and detect potential threats. Box Shield generates alerts that may indicate data leakage resulting from negligent user actions or malicious threats. The Box Shield Add-on for Splunk allows you to ingest Shield's alerts on suspicious behavior, and changes to security classifications. These events are mapped to the Splunk CIM data models to enable unified reporting and deeper integration into your dashboards. Key benefits: - Time saved - starting with the pre-built integration means less custom work for IT and security teams, and shorter time to monitoring all your Shield alerts in Splunk. - Deeper visibility and insights - by adding Box Shield to Splunk, your security team gains a new level of depth into activity and content access patterns in Box. - Ease of analysis - from Splunk, analysts can more efficiently evaluate Shield alerts alongside data from other applications, and also launch directly into the Shield alert page for more detail. Key features included: - Box account configuration using OAuth2 token pair mechanism - Data collection for Shield alerts and classification events - CIM mapping for Shield alerts and classification events - Workflow action to redirect user to Box Admin Console to view the Shield alert details