|Protocol||Information Discovered||Used For|
|Box.com API||Security and Compliance|
FortiSIEM can pull audit events from Box.com Cloud Service via Box API.
Create an account to be used for FortiSIEM communication.
- A general account can pull user events
- An Admin account can pull enterprise events
Use the account in previous step to enable FortiSIEM access.
- Logon to FortiSIEM.
- Go to ADMIN > Setup > Credentials.
- Click New to create a Box.com credential.
- Choose Device Type = Box.com Box (Vendor = Box.com, Model = Box).
- Choose Access Protocol = Box API.
- Choose Account as the email address for the account created while Configuring Box.com Service.
- Choose the Organization if it is an MSP deployment and the same credential is to be used for multiple customers.
- Click Save.
- You will be redirected to the Box.com website.
- Enter credentials for Box.com and click Authorize.
- Click Grant Access to Box. You should see that the authorization for FortiSIEM to access your Box.com account was successful.
- Enter an IP Range to Credential Association:
- Set Hostname to box.com.
- Select the Credential created in step 3.
- Click Save.
- Select the entry in step 4 and click Test Connectivity and make sure it succeeds, implying that the credential is correct.
- An entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from Box.com Cloud Service using the Box.com API.
To test for received Box.com events:
- Go to ADMIN > Setup > Pull Events.
- Select the Box.com entry and click Report.
The system will take you to the Analytics tab and run a query to display the events received from Box.com in the last 15 minutes. You can modify the time interval to get more events.