Box Events (via Codeless Connector Framework)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | BoxEventsCCPDefinition |
| Publisher | Microsoft |
| Used in Solutions | Box |
| Collection Method | CCF |
| Connector Definition Files | BoxEvents_DataConnectorDefinition.json |
| CCF Configuration | BoxEvents_DataConnectorPoller.json |
| CCF Capabilities | OAuth2, Paging |
| Custom Log V1 Tables | Yes 🔶 — ingests into tables with type-suffixed columns |
The Box data connector provides the capability to ingest Box enterprise's events into Microsoft Sentinel using the Box REST API. Refer to Box documentation for more information.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
BoxEventsV2_CL |
? | ✓ | ? |
BoxEvents_CL 🔶 |
? | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): Read and Write permissions are required.
Custom Permissions: - Box API credentials: Box API requires a Box App client ID and client secret to authenticate. See the documentation to learn more about Client Credentials grant - Box Enterprise ID: Box Enterprise ID is required to make the connection. See documentation to find Enterprise ID
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
NOTE: This connector uses Codeless Connecor Platform (CCP) to connect to the Box REST API to pull logs into Microsoft Sentinel.
NOTE: This connector depends on a parser based on Kusto Function to work as expected BoxEvents which is deployed with the Microsoft Sentinel Solution.
STEP 1 - Create Box Custom Application
See documentation to setup client credentials authentication
STEP 2 - Grab Client ID and Client Secret values
You might need to setup 2FA to fetch the secret.
STEP 3 - Grab Box Enterprise ID from Box Admin Console
See documentation to find Enterprise ID
4. Connect to Box to start collecting event logs to Microsoft Sentinel
Provide the required values below: - Box Enterprise ID: 123456 - OAuth Configuration: - Client ID - Client Secret - Click 'Connect' to authenticate
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊