BoxSmart Connector 1

Summary:

The document provides a guide for setting up ArcSight Cloud Connectors, specifically the Box SmartConnector, which allows monitoring of cloud services like Box using REST APIs. It covers collecting various events such as logins, failed login attempts, file modifications (edits, uploads, downloads, deletions), and more. After configuration, it enables users to view detailed reports in "Admin Console -> Reports" including top failed logins, external user access, file activity by user, and overall user activity on a consolidated dashboard.

Details:

ArcSight Cloud Connectors are software tools that enable users to monitor cloud-based services such as Salesforce or Google Apps by collecting events using their REST APIs. These connectors allow for monitoring who logged in, access from external users, multiple failed login attempts, file modifications, and more. The Box SmartConnector is a specific type of connector designed for the online sharing application Box, which competes with platforms like Google Drive and Dropbox. It operates similarly to other REST FlexConnectors by using OAuth2 authentication, REST API, and JSON parsing. As fully productized and supported connectors, they provide detailed information in their configuration guides. This text provides a setup guide for integrating Box SmartConnector with ArcSight, allowing the collection of Box security events such as logins, failed logins, file edits, uploads, downloads, and deletions. The process involves setting up a proxy if necessary, entering credentials to access logs from Box, and obtaining a token for future logins. Once configured, the ArcSight SmartConnector will collect events related to user activities under "Admin Console -> Reports", displaying them on a consolidated dashboard with examples including top failed logins, external users' access, file activity by user, and overall user activity. This text appears to be related to various reports and summaries within a system or software application, likely from Hewlett-Packard (now part of HP Inc.), focusing on user activity and login attempts. Here are the summarized details of each item mentioned: 1. **Top Activity by all users in Box**: A summary of the most active actions performed by all users within a specific storage box or folder. 2. **Top Failed Logins**: Lists the top instances where logins have failed, providing insight into potential security issues or user error. 3. **Total Activity by User**: Provides an overview of the total activity each user has engaged in, showing how active they are across the system. 4. **Top Activity per Username**: Details the most active actions for a specific username, offering detailed information about that user's interactions within the system. 5. **Top File Activity**: Highlights the files with the highest level of activity, indicating which documents or files are frequently accessed by users. 6. **Access by External User**: Provides details on external users who have accessed certain files, including the file name, involved user, user's address, and the frequency of access. 7. **Collaboration Invites**: Summarizes invitations for collaboration and records of interactions related to these collaborations. Each entry is copyrighted to Hewlett-Packard Development Company, L.P., and notes that the information may be subject to change without notice, suggesting a dynamic and possibly real-time reporting feature within the system.