Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to Cloud.

Code42 Support

Allow Code42 Forensic File Search access to Box

Overview

To help protect you from data loss, you can use Code42 Forensic File Search to monitor files moving to and from users' Box.

When you add Box as a data source for Forensic File Search, you must authorize Code42 as a custom application. Once connected, Forensic File Search monitors your organization's Box environment to capture when a user: 

  • Creates a file
  • Shares a file
  • Deletes a file
  • Modifies a file

This article explains how to add Box as a data source for Forensic File Search. It also explains why Code42 needs this level of access to your Box environment. 

Considerations

  • To connect Code42 to Box, you must be a Box Admin as well as a Code42 Customer Cloud Admin.
  • Once authorized, Code42 Forensic File Search has access to metadata on users, files, and drives.
  • If you need to change your Box account information, temporarily deauthorize your Box account, then reauthorize with the new account information
  • You must be licensed for Code42 Forensic File Search. If your license expires, the cloud service is deauthorized within 24 hours. If you need assistance with licensing, contact your Customer Success Manager (CSM). If you're not sure how to reach your CSM, email csmsupport@code42.com and we will connect you.
  • Box allows you to add or remove individuals as collaborators on a file. However, for files that reside at the root of the drive and are not in a folder, these collaboration changes are not recorded for Forensic File Search until a file event occurs (for example, at file creation, modification, renaming, moving, or sharing with a link). 
  • Box limits API requests made by third-party integrations such as Code42. Throttling these API requests allows Box to better control their resources, but may slow down Code42 file metadata collection, especially after first configuring Forensic File Search access to Box. Consider setting up Forensic File search access to Box when you have decreased activity in your environment.
  • If a user's status is set to inactive in Box, Code42 does not monitor file activity on the user's Box account. 
Monitoring and alerting tools may report download activity
Code42 Forensic File Search temporarily streams files from your cloud service to the Code42 cloud to calculate the file hash. This may be reported as users downloading files.

Code42 never stores file contents or writes them to disk during this process.

Before you begin

Configure Forensic File Search before adding Box as a cloud service data source.

Steps

Step 1: Connect Code42 and Box

  1. Sign in to the Code42 administration console
  2. Add a cloud service connection:
    1. Select Security Center > Data Sources
      Cloud services
    2. Click Add.
      The Add Cloud Service Connection dialog displays.
    3. From Cloud Service, select Box.
    4. Enter a display name. This display name must be unique.
    5. Copy the API Key. You will enter this in your Box Admin Console. 
      Add a Box connection.
  3. Authorize the Code42 app in Box: 
    1. Go to your Box Admin Console and log in using your Box Admin email and password.
    2. Click Enterprise Settings.
    3. Click Apps.
    4. Go to the Custom Applications section.
    5. Click Authorize New App.
      The App Authorization screen displays.
    6. Paste in the API Key from the Code42 administration console. 
    7. Click Next. 
    8. Review the permissions granted. For more information, see Box permissions below.
    9. Click Authorize
      Code42 Cloud Service for Box appears in the table of custom applications. 
      Box admin console

Step 2: Add Users

  1. Return to the Code42 administration console.
  2. In the Add Cloud Service Connection dialog, click Continue. 
    The Add Users dialog displays.
    Add Box users.
  3. Select one of the following options:

Step 3: Verify the setup

  1. In the Add Cloud Service Connection dialog, click Continue. 
    The Verify dialog displays.
    Verify the Box connection.
  2. Enter your Box Enteprise ID:
    1. Return to the Box Admin Console and select Account & Billing. 
    2. Copy the Enterprise ID.
      Enterprise ID
  3. In the Code42 administration console, paste the Box enterprise ID into Box Enterprise ID
  4. Enter your Box Account ID:
    1. Return to the Box Admin Console, click Back to my Account.
    2. In the upper-right, select your profile.
    3. Click Account Settings.
    4. Under the Account tab, scroll to the Account Details section.
    5. Copy your Account ID.
      Account ID
    6. In the Code42 administration console, paste the Account ID into Box Account ID
  5. Click Authorize.
    Box is added as a cloud service for Forensic File Search, and Code42 begins the initial extraction of information. For most environments, this takes between 24 and 48 hours. Once initial extraction is complete for each drive, it takes about 20 minutes for a new event from that drive to appear in search results.
When will I start seeing file events in Forensic File Search?
The first step to adding cloud service information into Forensic File Search is called initial extraction. This is where Code42 scans the cloud service to get baseline information on your environment. How long this step takes depends on how many files are in your cloud service environment.

For most environments, this step takes about 24 hours. Once the initial extraction is complete, it takes about 20 minutes for a new event to appear in search results.

Next steps

Once you have added Box as a data source for Forensic File Search, learn more about:

Upload a .csv file

In Step 2, if you select Specific Users or Groups and click Upload .CSV file, you must upload a .csv file that lists Box users or groups you want to monitor.

General considerations for uploading a .csv file:

  • The .csv file is limited to 1,000 entries.
  • Uploading a new .csv replaces the existing list of people or groups being monitored.

Upload a .csv file listing Box users

See the Box documentation to export a list of all Box users to an Excel file. Convert the Excel file to .csv format, and create a .csv file from this list that contains only the users you want to monitor.

Code42 reads usernames from the column headers labeled Email or Email Address in the .csv file. If these columns contain any entries that aren't email addresses, the upload produces an error.

Upload a .csv file listing Box groups

See the Box documentation for information about Box groups. Create a .csv file that contains only the groups you want to monitor. 

Code42 reads the names of groups from the column header labeled Group Name or Groups in the .csv file. If neither of these column headers are specified, the upload produces an error.

When a group name is provided, Code42 attempts to look up users with the specified group name from the .csv file. If the group name cannot be found, Code42 proceeds to the next group. Code42 looks for that group again every 24 hours.

As users are added and removed from the monitored groups, Code42 automatically detects changes and adjusts monitoring of users accordingly. Users that are removed from monitored groups have their event history preserved so that it remains searchable in Forensic File Search. When an unmonitored user in your Code42 organization shares a file with a monitored user, the events associated with that file are not captured because the unmonitored user is the owner of the file.

Box permissions

Forensic File Search collects file events from Box. A file event is any activity observed for a file, such as creating, modifying, sharing, renaming, moving, or deleting a file. To see this file activity, Code42 requires access to your Box environment. The Box scopes we request are: 

  • Read all files and folders stored in Box (root_readonly)
  • Read and write all files and folders stored in Box (root_readwrite)
  • Manage users (manage_app_users and manage_managed_users)
  • Manage webhooks (manage_webhook)

In addition, integrations are enabled.

This set of permissions means Code42 has read-only access to metadata for files, users, and drives within your cloud service environment. In other words, Code42 cannot make changes to your cloud service environment. In addition, Forensic File Search does not monitor the contents of those files, and does not back up files in the cloud service.

More information on file activity 
For more information on the specific metadata and file events collected and stored by Forensic File Search, see the Forensic File Search reference guide