|Protocol||Information Discovered||Used For|
|Box.com API||Security and Compliance|
Box API Integration
FortiSIEM can pull audit events from Box.com Cloud Service via Box API.
Configuring Box.com Service
Create an account to be used for FortiSIEM communication.
- A general account can pull user events
- An Admin account can pull enterprise events
Use the account in previous step to enable FortiSIEM access. Complete these steps in the FortiSIEM UI:
- Go to the ADMIN > Setup > Credentials tab.
- In Step 1: Enter Credentials:
- Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
- Enter these settings in the Access Method Definition dialog box and click Save:
Settings Description Name Enter a name for the credential Device Type Box.com Box Access Protocol Box API Account Choose Account as the email address for the account created while Configuring Box.com Service. Organization
Choose the Organization if it is an MSP deployment and the same credential is to be used for multiple customers.
Description Description of the device.
- After clicking Save, you will be redirected to the Box.com website. Enter the credentials for Box.com and click Authorize.
- Click Grant Access to Box. You should see that the authorization for FortiSIEM to access your Box.com account was successful.
- In Step 2: Enter IP Range to Credential Associations, click New.
- Set IP/Host Name to box.com.
- Select the Credential created in step 2a from the Credentials drop-down list.
- Click Save.
- Select the entry from step 5, click the Test drop-down list and select Test Connectivity and make sure it succeeds, which implies that the credential is correct.
- An entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from Box.com Cloud Service using the Box.com API.
- To see the received events, go to ADMIN > Setup > Pull Events, select the Box.com entry and click Report. The system will take you to the ANALYTICS tab and run a query to display the events received from Box.com in the last 15 minutes. You can modify the time interval to get more events.