Box

Use the IBM Security QRadar Custom Properties for Box Content Extension to closely monitor Box activity on your network.

IBM Security QRadar Custom Properties for Box Content Extension 1.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Box Content Extension 1.0.0.

Table 1. Custom Properties in IBM Security QRadar Custom Properties for Box Content Extension 1.0.0
| Name | Optimized | Expression |
|---|---|---|
| Alert ID | No | `/"additional_details"/"shield_alert"/"alert_id"` |
| Alert Severity | No | `/"additional_details"/"shield_alert"/"priority"` |
| Event Type | No | `"event_type":"((?!SHIELD_ALERT)\w*)"` |
| File Directory | Yes | `"item_path":"([\w\d/]*)"` |
| File ID | Yes | `"item_id":"(\d*)"` |
| File Size | No | `/"additional_details"/"shield_alert"/"malware_info"/"file_size_bytes"` |
| Filename | Yes | `"item_name":"([\w\.\d]*)"` |
| Region | Yes | `"region_name":"([\w\s]*)"` |
| Risk Score | No | `/"additional_details"/"shield_alert"/"risk_score"` |
| Rule Details | Yes | `/"additional_details"/"shield_alert"/"alert_summary"/"description"` |
| Rule ID | No | `/"additional_details"/"shield_alert"/"rule_id"` |
| Rule Name | Yes | `/"additional_details"/"shield_alert"/"rule_name"` |
| Service Name | Yes | `"service_name":"([\w\s]*)"` |
| Session ID | No | `/"session_id"` |
| SHA1 Hash | Yes | `/"additional_details"/"shield_alert"/"malware_info"/"file_hash"` |
| Threat Family | No | `/"additional_details"/"shield_alert"/"malware_info"/"family"` |
| Threat Name | Yes | `/"additional_details"/"shield_alert"/"malware_info"/"malware_name"` |
| User ID | Yes | `/"additional_details"/"shield_alert"/"user"/"id"` |