Cloudflare Docs
Cloudflare Zero Trust
View GitHub RSS feed
Edit this page on GitHub
Set theme to dark (⇧+D)

Box

The Box integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Box account that could leave you and your organization vulnerable.

​​ Integration prerequisites

  • A Box account on a Business plan (Business, Business Plus, Enterprise, Enterprise Plus)

  • Access to a Box Business account with Admin permission

​​ Integration permissions

For the Box integration to function, Cloudflare CASB requires the following Box permissions via an OAuth 2.0 app:

  • Read all files and folders stored in Box

These permissions follow the principle of least privilege to ensure that only the minimum required access is granted. To learn more about the permission, refer to the Box Scopes documentation.

​​ Security findings

The Box integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.

To stay up-to-date with new CASB findings as they are added, bookmark this page or subscribe to its RSS feed.

​​ File sharing

Identify files and folders that have been shared in a potentially insecure fashion.

To access some file findings, you may need to review shared links. For more information, refer to View shared files.

FindingSeverity
Box File publicly accessible read writeCritical
Box publicly accessible file with high download countHigh
Box Folder publicly accessible read writeHigh
Box File shared company wide read writeHigh
Box File publicly accessible read onlyHigh
Box Shared folder with high download countMedium
Box publicly accessible file with high view countMedium
Box Folder that can be shared by anyoneMedium
Box Folder shared company wide read writeMedium
Box Folder publicly accessible read onlyMedium
Box File shared company wide with high download countMedium
Box File shared company wide read onlyMedium
Box Shared folder with high view countLow
Box File larger than 2GBLow
Box Folder with external email upload accessLow
Box Folder shared company wide read onlyLow
Box File shared company wide with high view countLow

​​ Data Loss Prevention (optional)

These findings will only appear if you added DLP profiles to your CASB integration.

FindingSeverityDescription
File Publicly Accessible Read and Write with DLP Profile matchCriticalA Box file contains sensitive data that anyone on the Internet can read or write.
File Publicly Accessible Read Only with DLP Profile matchCriticalA Box file contains sensitive data that anyone on the Internet can read.
File Shared Company Wide Read and Write with DLP Profile matchMediumA Box file is shared with the entire company with read and write permissions.
File Shared Company Wide Read Only with DLP Profile matchMediumA Box file is shared with the entire company with read permissions.

​​ User access

Flag user access issues, including account misuse and users not following best practices.

FindingSeverity
Box Admin not required to use 2FAHigh
Box User not required to use 2FAMedium
Box Inactive Admin userMedium
Box User with unconfirmed notification emailLow
Box User with email alias configuredLow
Box User allowed to collaborate with external usersLow
Box Inactive userLow

​​ Account misconfigurations

Discover account and admin-level settings that have been configured in a potentially insecure way.

FindingSeverity
Box Active WebhookLow