If you're having trouble at any stage please contact us at support@skyformation.com. 

Preface

The goal of this guide is to add a new SkyFormation's Box Cloud App Connector to your SkyFormation Platform.

Prerequisites

Be ware of common pitfalls listed at the end of this article

Box configurations

1. Enable Two-Factor Authentication - go to https://app.box.com/account , under Authentication check “Require 2-step verification …”
2. Go to developer.box.com
3. Create app
4. Select app type “Enterprise Integration”
   
5. Select authentication method “OAuth 2.0 with JWT (Server Authentication)" 
6. Name the application “SkyFormation Integration” (name is meaningless, but needs to be easily identifiable), and click “Create app” 
7. In the next screen click “View Your App”
8. Under “Application Access” select the checkbox “Enterprise”
9. Under Application Scopes select checkboxes of Manage Users, Manage groups and Manage enterprise properties
   1. NOTE: for user of the Content Inspection module - also check “Read all files and folders stored in Box” 
10. 
11. Under “Advanced Features” activate none
1. NOTE: for user of the Content Inspection module - enable “Perform Actions as Users”
12. Under “Add and Manage Public Keys” click “Generate a Public/Private Keypair” - keep the download file
13. Grant access in Enterprise Admin Console to the application (link)
    NOTE: only the account admin can grant this permission. It will fail for other admins.
    To verify who that user is, go to https://app.box.com/account and look for the Account details -> Admin contact at the bottom.
    It should look like:
    
    

Box Shield Events

The Exabeam Cloud Connector for Box consumes the Enterprise Event stream to collect the data on Box Shield notifications. If your Box enterprise account has the Box Shield enabled, you can configure it to include these alerts. When you are setting up Box Shield rules in the Actions section you check the “Publish alert to Box Event Stream” box, otherwise the connecotr will not be able to collect the

data.

For further information of Box Shield events, you can also refer to the FAQ found here:https://community.box.com/t5/Using-Box-Shield/Shield-FAQ/ta-p/76941

Information needed for the SkyFormation Box connector on-board

  () The JSON file that was downloaded during step #12

Firewall/Network connections needed for SkyFormation application

- Open the following services to be approachable from the SkyFormation machine:

   https://*.box.com

On-board SkyFormation for Box steps

1. Logon to your SkyFormation Platform:

2. Navigate via left navigation panel to "Settings" section

3. Navigate via New Settings left navigation panel to "Accounts" section

4. Click the "Add Account" bottom

5. At the "SELECT SERVICE TO ADD" choose "Box" 

You will see the below screen:

5. Fill in the following information:

    - Account Name
        Give the Box account a meaningful name for you. This will become your cloud app connector
      name displayed in the application and the events sent to external systems as SIEM/Splunk.

      e.g. "Box Corp file sharing North US production"     

    - Description
      Add a text that describes the Box account for you.

      e.g. "A file sharing service for collaboration with our design partners"

    -  Jwt-Json

        The contents of the downloaded file of step #12

   Click DONE

6. Make sure the status of the new Box connector is OK and green.

Your are done !

Common Pitfalls

* If you're edited the scopes of the Box application, disable and re-enable it. Re-authorize'ing it does not work.