Begin Scanning a Box App

Use these steps to connect the Box application to SaaS Security API to begin scanning assets for policy violations.
To connect Box to SaaS Security API and begin scanning files and folders, you need to:
  • Ensure that you have an Box account with has sufficient privileges.
  • Grant SaaS Security API access to Box.
  • Add the Box app to SaaS Security API, providing SaaS Security API information about your Box.
For information on which automated remediation capabilities SaaS Security API supports with Box, refer to Supported Content, Remediation and Monitoring.

Prepare To Add Box App

Before you add the Box app, perform prerequisites steps to make use of all the capabilities that the app supports and that make for an efficient onboarding experience.
  1. (
    Recommended
    ) Add your Box app domain as an internal domain.
  2. (
    Optional
    ) Enable group-based Enable Group-based Selective Scanning (Beta).
    If you plan to use selective scanning using Azure Active Directory, you must retrieve your Azure AD group information before adding your Box application so SaaS Security API can discover and scan assets belonging to the user groups you want to monitor.
  3. Next Step
    : Proceed to Add Box App.

Add Box App

In order for SaaS Security API to scan assets, you must consent to specific permissions during the course of adding the Box app. Without the requested permissions, SaaS Security API cannot authenticate with Box and cannot scan assets, even after you successfully install the Box app.
  1. Ensure that the Box account you plan to use with SaaS Security API has sufficient privileges.
    Enabling the
    Edit settings for your company
    option suppresses email notifications. If you do not enable this setting, every collaborator on an asset receives an email notification each time SaaS Security API accesses an asset. When you suppress email notification, actions will still appear in the user’s update feeds and in the audit logs.
    To connect SaaS Security API, log in to a Box account with Administrator privileges. Make sure the following settings are enabled:
    1. From within Box, select
      Admin Console
      Users and Groups
      and select the Administrator account you want to use.
    2. Allow this user to see all managed users
      .
  2. Add the Box application to SaaS Security API.
    1. From the
      Dashboard
      , select
      Add a Cloud App
      .
    2. Select
      Box
      .
    3. Click
      Connect to Box Account
      .
    4. Enter the email address and password for the Administrator account you want SaaS Security API to use when connecting to Box and then click
      Authorize
      .
      SaaS Security API validates the administrator account and if the account has the right authentication permissions to access all the Box assets. If the account does not have adequate permissions, an on-screen status displays an error alerting you to fix the issue.
    5. After authentication succeeds, select
      Grant access to Box
      .
      After authentication, SaaS Security API adds the new Box app to the Cloud Apps list as
      Box
       n, where n is the number of Box app instances that you connected to SaaS Security API. For example, if you added one Box app, the name displays as
      Box 1
      . You’ll specify a descriptive name soon.
  3. Next Step
    : Proceed to Customize Box App.

Customize Box App

After you add the Box app, customize the app to make use of capabilities that are unique to this app or that differentiate this app instance from others.
  1. (
    Optional
    ) Specify an
    Alternative account for quarantined files
    .
    You can specify a different Box account (in email address format) for the quarantine administrator for precise assignment of incident management responsibilities. If you choose not to specify an alternative account, SaaS Security API uses the onboarding account to quarantine files in the
    Admin Quarantine
    folder. The Box account for the quarantine administrator does not need to have admin privileges. After you define this quarantine administrator, you cannot modify the setting without deleting the Box app and repeating the onboardng process; therefore, use a service account that persists as administrators join and leave your organization.
  2. Click
    Done
    to save your changes.
  3. (
    Optional
    ) Enable group-based selective scanning.
    If you have not already done so, instruct SaaS Security API to retrieve your Azure AD group information, then return to this step to choose the user groups.
  4. Next Step
    : Proceed to Identify Risks.

Identify Risks

When you add a new cloud app, then enable scanning, SaaS Security API automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
  1. Start scanning the new Box app for risks.
    1. Select
      Settings
      Cloud Apps & Scan Settings
      .
    2. In the Cloud Apps row that corresponds to the new Box app, select
      Actions
      Start Scanning
      .
  2. During the discovery phase, as SaaS Security API scans files and matches them against enabled policy rules, verify that your default policy rules are effective. If the results don’t capture all risks or you see false positives, proceed to next step to improve your results.
  3. (
    Optional
    ) Modify match criteria for existing policy rules.
  4. (
    Optional
    ) Add new policy rules.
    Consider the business use of your cloud app, then identify risks unique to your enterprise. As necessary, add new:
  5. (
    Optional
    ) Configure or edit a data pattern.
    You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.

Recommended For You