Skip to main content
The BlueApp for Box provides deep security monitoring for your Box activities, helping you safeguard content management and file sharing through early threat detection and rapid response. It enhances the threat detection capabilities of USM Anywhere by collecting and analyzing data from your Box Enterprise account. After successfully configured, the BlueApp for Box does the following:
  • The BlueApp for Box queries the Box API every 20 minutes for information, such as authentication events, user account updates, malware and ransomware infections, application and file activities, and Box platform changes. USM Anywhere then parses the data and displays them as events in the user interface (UI).
  • The out-of-the-box correlation rules for Box events, provided by the BlueApp for Box, enable USM Anywhere to automatically create alarms, notifying you about suspicious activity in your Box environment.
  • USM Anywhere includes a predefined dashboard that provides an overview of Box activity so that you have quick visibility to streamline your investigation and incident response processes.
  • The BlueApp for Box also provides advanced security orchestration to launch or automate user-initiated actions against threats detected in your Box environment.
Warning: If the BlueApp fails and you receive a message informing you that it has not been loaded, please contact LevelBlue Technical Support to solve the problem.
This topic discusses these subtopics: Configuring the BlueApp for Box BlueApp for Box Orchestration Launching a Box Response Action Creating Box Response Action Rules
I