Configuring Box to Communicate with JSA

You must have a developer account.

Generate a private/public RSA key pair for the JSON Web Token (JWT) assertion.

  1. Open an SSH session to the JSA console.

    • For a private key, type the following command:

    • For a public key, type the following command:

  2. Save a copy of the public key. You are required to paste the contents of the public key into the Add Public Key text box when you configure Box for API access.

  3. Convert the private key to DER by typing the following command on one line:

  4. Store the private key on your managed host in JSA.

    1. Create a directory that is named box in the opt/qradar/conf/trusted_certificates/ directory in JSA.

    2. Copy the private key .DER file to the opt/qradar/conf/trusted_certificates/box directory that you created. Do not store the private key in any other location.

    3. Configure the log source by using only the file name of the private key file in the opt/qradar/conf/trusted_certificates/box directory. Ensure that you type the file name correctly in the Private Key File Name field when you configure the log source.

  5. Copy the private key to the opt/qradar/conf/trusted_certificates/box directory.

    Tip:

    If you configure the log source before you store the private key, an error message is displayed.
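The key-pair steps above as an added shell example (not from the original page, which does not show the commands): it generates the key pair, converts the private key to DER, and checks that the DER file matches the public key you paste into Box. The OpenSSL invocations, the 2048-bit key size, the file names and the unencrypted PKCS#8 DER encoding are assumptions.

```shell
#!/bin/sh
# Added example: names, key size and PKCS#8 encoding are assumptions, not from the page.

# make_box_keys DIR: create the RSA key pair and the DER private key in DIR.
# The body runs in a subshell so the umask change does not leak to the caller.
make_box_keys() (
    dir=$1
    umask 077                      # key files are created readable by the owner only
    mkdir -p "$dir" || exit 1
    priv_pem=$dir/box_private_key.pem
    pub_pem=$dir/box_public_key.pem
    priv_der=$dir/box_private_key.der

    # Private key, then the public key that is pasted into "Add Public Key" in Box.
    openssl genrsa -out "$priv_pem" 2048 2>/dev/null || exit 1
    openssl rsa -in "$priv_pem" -pubout -out "$pub_pem" 2>/dev/null || exit 1
    chmod 644 "$pub_pem"           # the public key is not secret

    # Convert the private key to DER (unencrypted PKCS#8, an assumption).
    openssl pkcs8 -topk8 -nocrypt -inform PEM -outform DER \
        -in "$priv_pem" -out "$priv_der" || exit 1
    chmod 600 "$priv_der"
    # The PEM file is also a copy of the private key; the page says not to
    # keep the private key anywhere other than the box directory.
)

# keys_match DER_PRIVATE PEM_PUBLIC: succeed only if both files hold the same key.
# A mismatch here means Box would reject JWT assertions signed with the DER key.
keys_match() {
    from_der=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 1
    from_pub=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_der" ] && [ "$from_der" = "$from_pub" ]
}

# Usage: make_box_keys ./boxkeys
#        keys_match ./boxkeys/box_private_key.der ./boxkeys/box_public_key.pem
```

Run `keys_match` again on the copy of the .DER file in the box directory if the log source reports an authentication error after you add the public key in Box.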

To retrieve administrator logs from your Box enterprise account, you must configure Box and your JSA Console.

  1. Log in to the Box Developers portal (http://developers.box.com/). You now have access to the Admin and Box Consoles.
    1. Create an application for your JSA appliance by clicking Create New App.

    2. Select Enterprise Integration, and then click Next.

    3. In the Authentication Method pane, select OAuth2.0 with JWT (Server Authentication), and then click Next.

    4. In the field, type a name for the App, and then click Create App.

    5. Click View Your App.

    6. From the OAuth2 parameters pane, copy and record the client ID and the client secret. You need the client ID and the client secret when you add a log source in JSA.

    7. In the Application Access pane, select Enterprise property, and then configure the following parameters.

    8. In the OAuth2 parameters pane, from the User Access Settings list, select All Users, and then configure the following parameters.

    Table 1: User Access Settings Parameters

    Parameter: Value

    Authentication Type: Server Authentication (OAuth2.0 with JWT)

    User Access: All Users

    Scopes:

    • Content--Read and write all files and folders stored in Box

    • Enterprise--Manage an enterprise's properties. Allows the application to view and edit enterprise attributes and reports; edit and delete device pinners.

    Note:

    If you do not select the correct scopes, Box API displays an error message.

  2. Submit the public key, and then generate the key ID.
    1. From the navigation menu, select Configuration.

    2. From the Add and Manage Public Keys list, select Add a Public Key.

    3. Open the public key file that you copied from JSA, and then paste the contents of the public key file in the Add Public Key text box.

    4. Click Verify and Save, and then record the key ID for the log source configuration.

    5. To ensure that the properties are stored on the server, click Save.

  3. Record your Box Enterprise ID.
    1. Log in to the Admin Console, and then click Account Settings > Business Settings.

    2. To locate your Enterprise ID, click the Account Info tab.

  4. Authorize your application.
    1. Log in to the Box Console, and then click Account Settings > Business Settings.

    2. Click the Apps tab.

    3. In the Custom Applications pane, click Authorize New App.

    4. In the App Authorization window, type the API key, and then click Next. Verify that the access level is All Users. The API key is the client ID that you recorded.

    5. Click Authorize.

    For more information about configuring Box to communicate with JSA, see the Box website (https://docs.box.com/docs/configuring-box-platform).

Verify that JSA is configured to receive events from your Box DSM. If JSA is configured correctly, no error messages appear in the Edit a log source window.