The Box Shield Add-on for Splunk allows you to ingest Shield's alerts on suspicious behavior and on changes to security classifications. These events are mapped to the Splunk CIM data models to enable unified reporting and deeper integration into your dashboards.
- Time saved - starting with the pre-built integration means less custom work for IT and security teams, and shorter time to monitoring all your Shield alerts in Splunk.
- Deeper visibility and insights - by adding Box Shield to Splunk, your security team gains a new level of depth into activity and content access patterns in Box.
- Ease of analysis - from Splunk, analysts can more efficiently evaluate Shield alerts alongside data from other applications, and also launch directly into the Shield alert page for more detail.
Key features included:
- Box account configuration using the OAuth2 token pair mechanism
- Data collection for Shield alerts and classification events
- CIM mapping for Shield alerts and classification events
- Workflow action to redirect the user to the Box Admin Console to view the Shield alert details