Configuring Box to Communicate with JSA
To retrieve administrator logs from your Box enterprise account, you must configure Box and your JSA Console.
You must have a developer account.
Generate a private/public RSAkey pair for the JSON Web Token (JWT) assertion.
Open an SSH session to the JSA console.
For a private key, type the following command:
openssl genrsa -out box_private_key.pem 2048
For a public key, type the following command:
openssl rsa -pubout -in box_private_key.pem -out box_public_key.pem
Save a copy of the public key. You are required to paste the contents of the public key into the Add Public Key text box when you configure Box for API access.
Convert the private key to DER by typing the following command on one line:
openssl pkcs8 -topk8 -inform PEM -outform DER -in box_private_key.pem -out box_private_key.der -nocrypt
Store the private key in JSA.
Create a directory that is named
opt/qradar/conf/trusted_certificates/directory in JSA.
Copy the private key
.DERfile to the
opt/qradar/conf/trusted_certificates/boxdirectory that you created. Do not store the private key in any other location.
Configure the log source by using only the file name of the private key file in the
opt/qradar/conf/trusted_certificates/boxdirectory. Ensure that you type the file name correctly in the Private Key File Name field when you configure the log source.
Copy the private key to the
opt/qradar/conf/trusted_certificates/box directory before you configure the log source. If you configure
the log source before you store the private key, an error message
- Log in to Box Developers portal (http://developers.box.com/).
You now have access to the Admin and Box Consoles.
Create an application for your JSA appliance by clicking Create New App..
Select Enterprise Integration, and then click Next.
In the Authentication Method pane, select OAuth2.0 with JWT (Server Authentication), and then click Next.
In the field, type a name for the App, and then click create App.
Click View Your App.
From the OAuth2 parameters pane, copy and record the client ID and the client secret. You need the client ID and the client secret when you add a log source in JSA.
In the Application Access pane, select Enterprise property, and then configure the following parameters
In the OAuth2 parameters pane, from the User Access Settings list, select All Users, and then configure the following parameters.
Table 1: User Access Settings Parameters
Server Authentication (OAuth2.0 with JWT)
Content--Read and write all files and folders stored in Box
Enterprise--Manage an enterprise's properties. Allows the application to view and edit enterprise attributes and reports; edit and delete device pinners.
Note: If you do not select the correct scopes, Box API displays an error message.
- Submit the public key, and then generate the key ID.
From the navigation menu, select Configuration.
From the Add and Manage Public Keys list, select Add a Public Key.
Open the public key file that you copied from JSA, and then paste the contents of the public key file in the Add Public Key text box.
Click Verify and Save, and then record the key ID for the log source configuration.
To ensure that the properties are stored on the server, click Save.
- Record your Box Enterprise ID.
Log in to the Admin Console, and then click Account Settings >Business Settings.
To locate your Enterprise ID, click the Account Info tab.
- Authorize your application.
Log in to the Box Console, and then click Account Settings >Business Settings.
Click the Apps tab.
In the Custom Applications pane, click Authorize New App.
In the App Authorization window, type the API key, and then click Next. Verify that the access level is All Users.. The API key is the client ID that you recorded.
For more information about configuring Box to communicate with JSA, see the Box website https://docs.box.com/docs/configuring-box-platform).
Verify that JSA is configured to receive events from your Box DSM. If JSA is configured correctly, no error messages appear in the Edit a log source window.