FortiSIEM Support Added: 4.7.2
FortiSIEM Last Modification: 6.4.0
Vendor Version Tested: Not Provided
Product Information: https://www.box.com/overview
Security and Compliance
FortiSIEM can pull audit events from Box.com Cloud Service via the Box API.
Create an account to be used for FortiSIEM communication, taking note of the following:
- A general account can pull user events
- An Admin account can pull enterprise events
- A unique Client ID and Client Secret can only start one job. It cannot be used to start multiple jobs.
Take the following steps:
1. Log in to the Box developer's console at https://app.box.com/developers/console.
2. Navigate to My Apps > Create New APP.
3. Click Custom App.
4. Select User Authentication (OAuth 2.0).
5. In the App Name field, enter the application name.
6. Click Create App.
7. Under Configuration, make a record of the Client ID and Client Secret of the new application. These will be used when creating a credential in Configuring FortiSIEM.
8. In the Redirect URI field, enter the URI in the following format:
9. Click Save Changes.
Use the account created in the previous step to enable FortiSIEM access. Complete these steps in the FortiSIEM UI:
- Go to the ADMIN > Setup > Credentials tab.
- In Step 1: Enter Credentials:
- Follow the instructions in "Setting Credentials" in the User's Guide to create a new credential.
- Enter these settings in the Access Method Definition dialog box and click Save:
| Settings | Description |
|---|---|
| Name | Enter a name for the credential |
| Device Type | Box.com Box |
| Access Protocol | Box API |
| Client ID | Provide the Client ID obtained in step 7 of Configuring Box.com Service. Note: A unique Client ID and Client Secret can only start one job. It cannot be used to start multiple jobs. |
| Client Secret | Provide the Client Secret obtained in step 7 of Configuring Box.com Service. |
| Account | Choose Account as the email address for the account created while Configuring Box.com Service. |
| Organization | Choose the Organization if it is an MSP deployment and the same credential is to be used for multiple customers. |
| Description | Description of the device. |
- After clicking Save, you will be redirected to the Box.com website. Enter the credentials for Box.com and click Authorize.
- Click Grant Access to Box. You should see that the authorization for FortiSIEM to access your Box account was successful.
- In Step 2: Enter IP Range to Credential Associations, click New.
- Select the Credential created in step 2a from the Credentials drop-down list.
- The IP/Host Name should automatically be set to api.box.com.
- Click Save.
- Select the entry from step 5, click the Test drop-down list, and select Test Connectivity. Make sure the test succeeds, which implies that the credential is correct.
- An entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from Box.com Cloud Service using the Box.com API.
- To see the received events, go to ADMIN > Setup > Pull Events, select the Box.com entry and click Report. The system will take you to the ANALYTICS tab and run a query to display the events received from Box in the last 15 minutes. You can modify the time interval to get more events.