BOX Integration Setup Guide
This guide will walk you through setting up BOX audit logs integration with RunReveal. The BOX source collects audit logs from your BOX Enterprise account, including user access, file operations, administrative changes, and security events.
Overview
- Source Type: box
- Ingest Method: API Polling (every 60 seconds)
- Data Collected: BOX admin logs and audit events
Prerequisites
- BOX Enterprise account with admin access
- BOX Developer Console access
Step 1: Create a BOX Application
1.1 Access BOX Developer Console
- Go to the BOX Developer Console
- Sign in with your BOX Enterprise admin account
- Click “Create New App”
1.2 Configure Application Settings
- Choose App Type: Select “Custom App”
- Authentication Method: Select “OAuth 2.0 with JWT (Server Authentication)”
- App Name: Enter a descriptive name (e.g., “RunReveal Audit Logs”)
- Description: Add a description for your app
1.3 Configure OAuth Settings
- In the “OAuth 2.0 Credentials” section:
  - Redirect URI: Add https://your-runreveal-domain.com/oauth/box/callback (replace with your actual RunReveal domain)
  - Scopes: Select the following scopes:
    - admin_logs - Read admin logs
    - manage_enterprise - Manage enterprise settings (if needed)
1.4 Generate Application Keys
- Go to the “Configuration” tab
- In the “Application Access” section:
  - Select “Enterprise” (for enterprise-wide access)
- In the “Advanced Features” section:
  - Enable “Perform Actions as Users” (if needed)
  - Enable “Generate User Access Tokens” (if needed)
- Save your configuration
1.5 Get Application Credentials
- Go to the “General” tab
- Copy the following values:
  - Client ID (you’ll need this for RunReveal configuration)
  - Client Secret (you’ll need this for RunReveal configuration)
Step 2: Authorize the Application
2.1 Enterprise Authorization
- In your BOX Developer Console, go to your app
- Click “Authorize” in the top right
- Sign in with your BOX Enterprise admin account
- Grant the requested permissions
- Important: Copy the Refresh Token that appears after authorization (you’ll need this for RunReveal)
2.2 Alternative: Manual Authorization
If the automatic authorization doesn’t work, you can manually authorize:
- Construct the authorization URL:
  https://app.box.com/api/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&state=random_string
- Replace:
  - YOUR_CLIENT_ID with your actual Client ID
  - YOUR_REDIRECT_URI with your configured redirect URI
  - random_string with a random string for security
- Visit the URL in your browser
- Sign in and authorize the application
- You’ll be redirected to your redirect URI with an authorization code
- Exchange the code for tokens using the BOX API
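The manual flow above, as an added Python example (not RunReveal's or BOX's own code): it generates an unguessable state value, validates the callback before accepting the code, and builds the token-exchange request without sending it. The token endpoint https://api.box.com/oauth2/token and all function names are assumptions that do not appear in this guide.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://app.box.com/api/oauth2/authorize"  # as given in this guide
TOKEN_URL = "https://api.box.com/oauth2/token"  # assumption: not stated in this guide


def build_authorize_url(client_id, redirect_uri):
    """Return (url, state). Store state server-side until the callback arrives."""
    state = secrets.token_urlsafe(32)  # CSPRNG output, never a fixed or guessable string
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(callback_url, expected_state, redirect_uri):
    """Validate the redirect and return the authorization code, or raise ValueError."""
    got, want = urlparse(callback_url), urlparse(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the configured redirect URI")
    params = parse_qs(got.query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response was not initiated by this session")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def token_request(code, client_id, client_secret):
    """Return (url, form_body) for the code-for-token exchange (POST, HTTPS only)."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
    })
    return TOKEN_URL, body
```

Treat the stored state as single-use, and keep the Client Secret and the returned tokens out of logs and shell history.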
Step 3: Configure RunReveal
3.1 Create BOX Source in RunReveal
- Log into your RunReveal dashboard
- Navigate to Sources → Add Source
- Select “BOX” from the source list
- Choose “Polling” as the ingest type
3.2 Configure Source Settings
Fill in the following fields:
Settings:
- Unique ID: Enter a unique identifier for this source (e.g., box-enterprise-001)
- Client ID: Enter the Client ID from your BOX application
Secrets:
- Client Secret: Enter the Client Secret from your BOX application
- Refresh Token: Enter the Refresh Token obtained during authorization
3.3 Test the Configuration
- Click “Verify Settings” to test the connection
- If successful, you should see a green checkmark
- If there are errors, check:
  - Client ID and Client Secret are correct
  - Refresh Token is valid and not expired
  - Your BOX application has the correct permissions
  - Your BOX Enterprise account has admin logs enabled
Step 4: Enable Admin Logs in BOX
4.1 Verify Admin Logs are Enabled
- Log into your BOX Enterprise admin console
- Go to Admin Console → Reports → Audit Logs
- Ensure “Admin Logs” are enabled for your enterprise
- If not enabled, contact your BOX administrator to enable them
4.2 Configure Log Retention
- In the BOX Admin Console, go to Admin Console → Reports → Audit Logs
- Set the appropriate retention period for your compliance needs
- Ensure logs are being generated (you should see recent activity)
Step 5: Monitor and Verify
5.1 Check Data Ingestion
- After saving your BOX source, wait 5-10 minutes
- Go to Logs in your RunReveal dashboard
- Filter by Source Type: box
- You should see BOX audit events appearing
5.2 Verify Event Types
The BOX integration collects the following types of events:
- User login/logout events
- File access and sharing events
- Administrative changes
- Security events
- Application access events
5.3 Check for Errors
- Go to Sources → Errors in RunReveal
- Look for any BOX-related errors
- Common issues:
  - Invalid credentials
  - Expired refresh token
  - Insufficient permissions
  - Rate limiting
Troubleshooting
Common Issues
“Invalid Client ID or Secret”
- Verify the Client ID and Client Secret are correct
- Ensure there are no extra spaces or characters
- Check that the application is properly configured in BOX
“Invalid Refresh Token”
- The refresh token may have expired
- Re-authorize the application in BOX Developer Console
- Generate a new refresh token
“Insufficient Permissions”
- Ensure your BOX application has the admin_logs scope
- Verify your BOX account has admin access
- Check that admin logs are enabled in your BOX Enterprise
“No Events Found”
- Verify admin logs are enabled in BOX
- Check that there’s recent activity in your BOX account
- Ensure the source has been running for at least 10-15 minutes
Rate Limiting
- BOX API has rate limits (typically 100 requests per minute)
- RunReveal polls every 60 seconds, which should be within limits
- If you hit rate limits, contact BOX support to increase your limits
Support and Resources
BOX Documentation
BOX Support
This guide covers the complete setup process for BOX integration with RunReveal. For additional support or questions, please contact RunReveal support or refer to the official documentation.