You must have a developer account.
Generate a private/public RSA key pair for the JSON Web Token
(JWT) assertion.
Open an SSH session to the JSA console.
For a private key, type the following command:
openssl genrsa -out box_private_key.pem 2048
For a public key, type the following command:
openssl rsa -pubout -in box_private_key.pem -out box_public_key.pem
Note: Save a copy of the public key. You are required to paste
the contents of the public key into the Add Public Key text
box when you configure Box for API access.
Convert the private key to DER by typing the following
command on one line:
openssl pkcs8 -topk8 -inform PEM -outform DER -in box_private_key.pem -out box_private_key.der -nocrypt
Store the private key in JSA.
Create a directory that is named box in the opt/qradar/conf/trusted_certificates/ directory in JSA.
Copy the private key .DER file to the opt/qradar/conf/trusted_certificates/box directory that you created. Do not store the private key in any
other location.
Configure the log source by using only the file name of
the private key file in the opt/qradar/conf/trusted_certificates/box directory. Ensure that you type the file name correctly in the Private Key File Name field when you configure the log source.
Note: Copy the private key to the opt/qradar/conf/trusted_certificates/box directory before you configure the log source. If you configure
the log source before you store the private key, an error message
is displayed.
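The key files can be checked before they are copied into place and before the log source is configured. The following is an added example, not part of the vendor documentation: it runs the same three openssl commands and then verifies that the DER file is an unencrypted PKCS#8 RSA-2048 key, that the public key to paste into Box belongs to it, and that the private key is readable only by its owner. The function names and the working-directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the vendor documentation). The directory argument is
# a hypothetical working directory, not the JSA trusted_certificates path.
# Usage: make_box_keys ./box_keys && check_box_keys ./box_keys

# Run the three openssl commands from the procedure; umask 077 keeps the
# unencrypted (-nocrypt) private key files readable by the owner only.
make_box_keys() {
    (
        umask 077
        mkdir -p "$1" && cd "$1" || exit 1
        openssl genrsa -out box_private_key.pem 2048 2>/dev/null &&
        openssl rsa -pubout -in box_private_key.pem -out box_public_key.pem 2>/dev/null &&
        openssl pkcs8 -topk8 -inform PEM -outform DER -in box_private_key.pem \
            -out box_private_key.der -nocrypt
    )
}

# Return 0 only if the DER file in directory $1 is an unencrypted PKCS#8
# RSA-2048 key, matches box_public_key.pem, and is owner-only on disk.
check_box_keys() {
    der="$1/box_private_key.der"
    pub="$1/box_public_key.pem"

    # DER starts with an ASN.1 SEQUENCE tag (0x30); a PEM file starts with '-'.
    [ "$(od -An -tx1 -N1 "$der" | tr -d ' \n')" = "30" ] ||
        { echo "not DER encoded: $der" >&2; return 1; }

    # Must parse as an unencrypted PKCS#8 PrivateKeyInfo.
    openssl pkcs8 -inform DER -nocrypt -in "$der" >/dev/null 2>&1 ||
        { echo "not unencrypted PKCS#8: $der" >&2; return 1; }

    # Key size used in the procedure: 2048 bits.
    openssl pkey -inform DER -in "$der" -noout -text 2>/dev/null |
        grep -q '(2048 bit' || { echo "not a 2048-bit key" >&2; return 1; }

    # The public key pasted into Box must belong to this private key.
    from_der=$(openssl pkey -inform DER -in "$der" -pubout 2>/dev/null) || return 1
    from_pem=$(openssl pkey -pubin -in "$pub" -pubout 2>/dev/null) || return 1
    [ -n "$from_der" ] && [ "$from_der" = "$from_pem" ] ||
        { echo "public key does not match private key" >&2; return 1; }

    # No group/other permission bits on the private key file.
    case "$(ls -ld "$der")" in
        -???------*) return 0 ;;
        *) echo "private key is readable beyond its owner" >&2; return 1 ;;
    esac
}
```

Run the check again on the copy of the DER file in the box directory, because copying can change the file mode.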
To retrieve administrator logs from your Box enterprise account,
you must configure Box and your JSA Console.
- Log in to the Box Developers portal (http://developers.box.com/).
You now have access to the Admin and Box Consoles.
Create an application for your JSA appliance by clicking Create New App.
Select Enterprise Integration, and then click Next.
In the Authentication Method pane, select OAuth2.0 with JWT (Server Authentication), and then click Next.
In the field, type a name for the App, and then click Create App.
Click View Your App.
From the OAuth2 parameters pane, copy and record the client ID and the client secret. You need the client ID and the client secret when you add a
log source in JSA.
In the Application Access pane, select Enterprise property, and then configure the following parameters
In the OAuth2 parameters pane, from
the User Access Settings list, select All Users, and then configure the following parameters.
Table 1: User Access Settings Parameters
| Parameter | Value |
|---|---|
| Authentication Type: | Server Authentication (OAuth2.0 with JWT) |
| User Access: | All Users |
| Scopes: | Note: If you do not select the correct scopes, Box API displays an error message. |
- Submit the public key, and then generate the key ID.
From the navigation menu, select Configuration.
From the Add and Manage Public Keys list, select Add a Public Key.
Open the public key file that you copied from JSA, and then paste the contents of the public key file in
the Add Public Key text box.
Click Verify and Save, and
then record the key ID for the log source configuration.
To ensure that the properties are stored on the
server, click Save.
- Record your Box Enterprise ID.
Log in to the Admin Console, and then click Account Settings > Business Settings.
To locate your Enterprise ID, click the Account
Info tab.
- Authorize your application.
Log in to the Box Console, and then click Account Settings > Business Settings.
Click the Apps tab.
In the Custom Applications pane, click Authorize New App.
In the App Authorization window, type
the API key, and then click Next. Verify that the access
level is All Users. The API key is the
client ID that you recorded.
Click Authorize.
For more information about configuring Box to communicate with JSA, see the Box website (https://docs.box.com/docs/configuring-box-platform).
Verify that JSA is configured to receive events
from your Box DSM. If JSA is configured correctly, no
error messages appear in the Edit a log source window.