Begin Scanning a Box App

Use these steps to connect the Box application to Prisma SaaS to begin scanning assets for policy violations.
If you plan to use Selective Scanning using Azure Active Directory, you must connect Azure Active Directory before adding your Box application so Prisma SaaS can discover and scan assets belonging to the user groups you want to monitor.
To begin scanning a Box instance:
  1. Ensure that the Box account you plan to use with Prisma SaaS has sufficient privileges.
    Enabling the Edit settings for your company option suppresses email notifications. If you do not enable this setting, every collaborator on an asset receives an email notification each time Prisma SaaS accesses an asset. When you suppress email notification, actions will still appear in the user’s update feeds and in the audit logs.
    To connect Prisma SaaS, log in to a Box account with Administrator privileges. Make sure the following settings are enabled:
    1. From within Box, select Admin Console > Users and Groups and select the Administrator account you want to use.
    2. Allow this user to see all managed users.
  2. Add the Box application to Prisma SaaS.
    1. From the Prisma SaaS Dashboard, select Add a Cloud App.
    2. Select Box.
    3. Click Connect to Box Account.
    4. Enter the email address and password for the Administrator account you want Prisma SaaS to use when connecting to Box and then click Authorize.
      Prisma SaaS validates the administrator account and checks whether the account has the right authentication permissions to access all the Box assets. If the account does not have adequate permissions, an on-screen status displays an error alerting you to fix the issue.
    5. After authentication succeeds, select Grant access to Box.
      The new Box instance is added to the list of Cloud Apps as Box n, where n is the number of Box instances you have connected to Prisma SaaS. For example, if this is the second Box instance connected, the name displays as Box 2.
  3. (Optional) Give a descriptive name to this instance and specify an incident reviewer.
    1. Select the Box n link on the Cloud Apps list.
    2. Enter a descriptive Name to differentiate this instance of Box from other instances you are managing.
    3. Specify an Incident Reviewer Account. Use this setting with caution because the account you provide becomes a collaborator on all risks, even private files.
    4. Click Done to save your changes.
  4. (Optional) Choose the user groups whose assets and accounts you want to monitor.
    Begin Selective Scanning Using Azure Active Directory Groups if you want Prisma SaaS to scan content for users who belong to specific groups. By default, selective scanning is not enabled. If you want to enable selective scanning later, you must delete the Box instance and add it back so Prisma SaaS can discover all assets and events for all users. All assets and events previously stored will be deleted, and incidents reported for users no longer included in the selected groups are automatically closed.
    1. Select Enable selective scanning and choose the groups you want to include or exclude from scanning from the list of groups using >> to add all groups or > to add selected groups.
      If a group is edited or removed from selective scanning, it can take up to 7 days to remove assets or activities, and close any related incidents. Adding a group back to selective scanning will record new user activities but not old, previously removed user activities.
    2. Select Save to continue.
  5. Add policy rules.
    When you add a new cloud app, Prisma SaaS automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Asset Rule to look for incidents unique to Box.
  6. (Optional) Configure or edit a data pattern.
    When Prisma SaaS scans the Box assets, sometimes the data patterns do not meet your business needs or return enough incidents. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  7. Start scanning assets on the Box instance.
    1. Select Settings > Cloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new Box app, select Actions > Start Scanning.
      Prisma SaaS starts scanning all assets in the associated Box instance and begins to identify incidents. Depending on the number of Box users and assets, it may take some time for the service to complete the process. However, as soon as you begin to see this information populating on the Prisma SaaS Dashboard, you can begin to Assess Incidents.
  8. Monitor the results of the scan.
    As Prisma SaaS starts scanning files and matching them against enabled policy rules, you can Monitor Scan Results on the Dashboard to verify that the policy rules are effective. Monitoring the progress of the scan during the discovery phase enables you to Fine-Tune Policy to modify the match criteria and ensure better results.
