Box
- Details
- Content
- Dependencies
- Version History
Manage Box users
Box
This pack includes Cortex XSIAM content.
This pack includes
- Collection of Box event log messages.
- Log Normalization - XDM mapping for key event types.
Supported Event Types
- All event types from ./2.0/events API call.
Time Zone support for XSIAM
For supporting Time Zone parsing, time should be set to UTC +0000 Product documentation:
- Sign into your Box account.
- Click your initials in the top-right corner to open the Account Menu.
- Click Account Settings.
- The Account tab should open by default. Locate the General Options section.
- Select your preferred timezone from the pulldown menu under Time Zone.
- Click Save Changes in the top right to save your settings.
Enabling Box Event Collector
To configure the Box Event Collector to receive log messages:
- Make sure you have the Box pack installed on your Cortex XSIAM tenant.
- Go to Settings → Configurations → Automation & Feed Integrations.
- In the search bar, type Box and click + Add instance.
- Follow the integration steps to send logs from Box to your Cortex XSIAM tenant.
Classifiers
| Name | Description |
|---|---|
Box Incident Incoming Mapper | Maps incoming Box incident fields. |
Incident Fields
| Name | Description |
|---|---|
Box Source Owner ID | The owner ID for the source. |
Box Source Parent Name | The name for the parent of the source. |
Box Source Owner Name | The name for the owner of the source. |
Box Source Created By Name | The name of the user who created the item. |
Box Source Created By ID | The ID of the user who created the event. |
Box Source Parent ID | The ID for the parent of the source. |
Incident Types
| Name | Description |
|---|---|
Box Incident |
Integrations
| Name | Description |
|---|---|
| Box v2 | Manage Box users. |
| Box (Deprecated) | Deprecated. Use the Box v2 integration instead. |
Layouts
| Name | Description |
|---|---|
Box Incident |
Classifiers
| Name | Description |
|---|---|
Box Incident Incoming Mapper | Maps incoming Box incident fields. |
Incident Fields
| Name | Description |
|---|---|
Box Source Parent ID | The ID for the parent of the source. |
Box Source Parent Name | The name for the parent of the source. |
Box Source Owner Name | The name for the owner of the source. |
Box Source Owner ID | The owner ID for the source. |
Box Source Created By ID | The ID of the user who created the event. |
Box Source Created By Name | The name of the user who created the item. |
Incident Types
| Name | Description |
|---|---|
Box Incident |
Integrations
| Name | Description |
|---|---|
| Box Event Collector | Collect events from Box's logs. |
| Box (Deprecated) | Deprecated. Use the Box v2 integration instead. |
| Box v2 | Manage Box users. |
Modeling Rules
| Name | Description |
|---|---|
BoxEventCollector |
Parsing Rules
| Name | Description |
|---|---|
BoxEventCollector Parsing Rule |
Required Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
Optional Content Packs (1)
| Pack Name | Pack By |
|---|---|
| Common Types | By: Cortex XSOAR |
All level dependencies (1)
| Pack Name | Pack By |
|---|---|
| Base | By: Cortex XSOAR |
3.2.14 - R5469292 (October 20, 2025)
3.2.14 - R5469292 (October 20, 2025)
PUBLISHER
PLATFORMS
Cortex XSOARCortex XSIAM
INFO
| Certification | Certified | Read more |
| Supported By | Cortex | |
| Created | November 9, 2020 | |
| Last Release | October 20, 2025 |
WORKS WITH THE FOLLOWING INTEGRATIONS:
