Release history for the Splunk Add-on for Box¶
The latest version of the Splunk Add-on for Box is version 4.0.0. See Release notes of the latest version.
Version 3.12.1¶
Version 3.12.1 of the Splunk Add-on for Box was released on January 17, 2025.
Compatibility¶
Version 3.12.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 9.0.x, 9.1.x, 9.2.x, 9.3.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Fixed issues¶
Version 3.12.1 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:
Known issues¶
Version 3.12.1 of the Splunk Add-on for Box has the following known issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download: Splunk Add-on for Box third-party software credits.
Version 3.12.0¶
Version 3.12.0 of the Splunk Add-on for Box was released on December 6, 2024.
Compatibility¶
Version 3.12.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 9.0.x, 9.1.x, 9.2.x, 9.3.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New Features¶
Version 3.12.0 of the Splunk Add-on for Box contains the following new features:
- Added support of new File Ingestion Input which allows users to ingest contents of JSON, CSV, XML, TEXT, TXT and LOG files. See Configure File Ingestion Input for more information.
- Added support for Box SDK v3.13.0.
Fixed issues¶
Version 3.12.0 of the Splunk Add-on for Box fixes the following fixed issues.
Version 3.11.0¶
Version 3.11.0 of the Splunk Add-on for Box was released on July 22, 2024.
Compatibility¶
Version 3.11.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 9.0.x, 9.1.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features¶
Version 3.11.0 of the Splunk Add-on for Box contains the following new features:
- Verified IPv6 compliance checks for the add-on and enhanced TA functionality
- Added support for Box SDK v3.9.2
Fixed issues¶
Version 3.11.0 of the Splunk Add-on for Box fixes the following fixed
issues.
Known issues¶
Version 3.11.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download: Splunk Add-on for Box third-party software credits
Version 3.10.1¶
Version 3.10.1 of the Splunk Add-on for Box was released on December 22, 2023.
Compatibility¶
Version 3.10.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 9.0.x, 9.1.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features¶
Version 3.10.1 of the Splunk Add-on for Box contains the following new features:
Fixed the security vulnerabilities found in the certifi and urllib3 libraries by upgrading their version from 2022.12.7 to 2023.11.17, 1.26.6 to 1.26.18 respectively.
Fixed issues¶
Version 3.10.1 of the Splunk Add-on for Box fixes the following fixed
issues.
Known issues¶
Version 3.10.1 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download: Splunk Add-on for Box third-party software credits
Version 3.10.0¶
Version 3.10.0 of the Splunk Add-on for Box was released on December 22, 2023.
Compatibility¶
Version 3.10.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features¶
Version 3.10.0 of the Splunk Add-on for Box contains the following new features:
- Added support for Box SDK v3.7.2
Fixed issues¶
Version 3.10.0 of the Splunk Add-on for Box fixes the following fixed
issues.
Known issues¶
Version 3.10.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download: Splunk Add-on for Box third-party software credits
Version 3.9.0¶
Version 3.9.0 of the Splunk Add-on for Box was released on October 27, 2022.
Compatibility¶
Version 3.9.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features¶
Version 3.9.0 of the Splunk Add-on for Box contains the following new features:
- Added support for Box SDK v3.5.1
- Modified timestamp field extraction to be extracted from “modified_at”
- These sourcetypes will be affected due to this change:
box:usersbox:folderbox:folderCollabrationbox:filebox:fileComment- Minor Bug fixes and enhancements
Note
This change regarding timestamp field extraction won’t apply to already indexed events
Fixed issues¶
Version 3.9.0 of the Splunk Add-on for Box fixes the following fixed
issues.
Known issues¶
Version 3.9.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download: Splunk Add-on for Box third-party software credits
Version 3.8.0¶
Version 3.8.0 of the Splunk Add-on for Box was released on October 27, 2022.
Compatibility¶
Version 3.8.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features¶
Version 3.8.0 of the Splunk Add-on for Box contains the following new features:
- Uses KV-store for checkpointing instead of files for better reliability and performance.
Note
Confirm that you enabled the KV Store service on your Splunk instance. Refer to Troubleshooting to check the status of your KV Store service.
Note
For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.
Fixed issues¶
Version 3.8.0 of the Splunk Add-on for Box fixes the following fixed
issues.
Known issues¶
Version 3.8.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download: Splunk Add-on for Box third-party software credits
Version 3.7.0¶
Compatibility¶
Version 3.7.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features¶
Version 3.7.0 of the Splunk Add-on for Box contains the following new features:
- Added support for Box SDK v3.3.0.
Note
For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.
Fixed issues¶
Version 3.7.0 of the Splunk Add-on for Box fixes the following fixed
issues.
Known issues¶
Version 3.7.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download: Splunk Add-on for Box third-party software credits
Version 3.6.0¶
Version 3.6.0 of the Splunk Add-on for Box was released on April 21, 2022.
Compatibility¶
Version 3.6.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features¶
Version 3.6.0 of the Splunk Add-on for Box contains the following new features:
- Compatibility with CIM version 5.0.1
- Updated to version 3.2.0 of the Box SDK.
- SSL Certificate Management Solution.
- Added Support for Box Shield Events.
- CIM Mapping and Enhancements for events associated with the
SHIELD_ALERTBox Event_type, which maps to these 4 Source Types for Threat Detection Alerts:- Suspicious locations
- Suspicious sessions
- Anomalous downloads
- Malicious content
- Mapped the following Box Event_types with the
box:eventssource type to the Account_Management data model. - EMAIL_ALIAS_REMOVE
- EMAIL_ALIAS_ADD_UNCONFIRMED
- EMAIL_ALIAS_CONFIRM
- Mapped the following Box Event_type with the
box:eventssource type to the All_Changes data model. - UPDATE_SHARE_EXPIRATION
Note
For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.
Data Model Changes¶
Version 3.6.0 of the Splunk Add-on for Box introduces data model changes
for the box:events source type. See the following table for the data
model changes:
| Source type | Box Event_type | Previous Data Model | New Data Model |
|---|---|---|---|
['box:events'] |
EMAIL_ALIAS_REMOVE, EMAIL_ALIAS_ADD_UNCONFIRMED, EMAIL_ALIAS_CONFIRM | Change:Account_Management | |
['box:events'] |
UPDATE_SHARE_EXPIRATION | Change:All_Changes | |
['box:events'] |
SHIELD_ALERT | Alerts:Alerts | Malware:Malware_Attacks |
Note
For the SHIELD_ALERT Box Event_type, Malicious Content Events are
mapped to the Malware:Malware_Attacks Data Model and remaining events
are mapped to the Alerts Data Model.
Field Mapping Changes¶
Version 3.6.0 of the Splunk Add-on for Box introduces field changes to
the box:events source type.
This table includes the events for the updated datasets (within the same data model) but does not include events for those updated data models.
Field mapping changes for the box:events source type¶
| Source type | Box Event_type | Fields added | Fields removed | Fields modified |
|---|---|---|---|---|
['box:events'] |
EMAIL_ALIAS_REMOVE | src_user, src_user_name | object_attrs | |
['box:events'] |
UPDATE_SHARE_EXPIRATION | object_attrs | ||
['box:events'] |
EMAIL_ALIAS_ADD_UNCONFIRMED | action, status, src_user, src_user_name | object_attrs | |
['box:events'] |
EMAIL_ALIAS_CONFIRM | src_user, src_user_name | object_attrs | |
['box:events'] |
SHIELD_ALERT | file_hash, file_name | src |
Sample values for modified source types¶
The following tables display the field changes for the box:events
source type.
box:events source type field changes¶
| Box Event_type | Field modified | Sample Value for Modified fields in 3.5.0 | Sample Value for Modified fields in 3.6.0 |
|---|---|---|---|
| UPDATE_SHARE_EXPIRATION | object_attrs |
directory |
expiration |
| EMAIL_ALIAS_REMOVE, EMAIL_ALIAS_CONFIRM, EMAIL_ALIAS_ADD_UNCONFIRMED | object_attrs |
user |
email alias |
| SHIELD_ALERT | src |
Unknown IP |
117.99.61.179 |
Fixed issues¶
Version 3.6.0 of the Splunk Add-on for Box fixes the following fixed
issues.
Known issues¶
Version 3.6.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download: Splunk Add-on for Box third-party software credits
Version 3.5.0¶
Version 3.5.0 of the Splunk Add-on for Box was released on February 2, 2022.
Compatibility¶
Version 3.5.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 5.0.0 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features¶
Version 3.5.0 of the Splunk Add-on for Box contains the following new features:
- Updated to the Box SDK version 2.14.0.
- Introduced a new Input which supports Box Enterprise Event Stream API.
- Compatibility with CIM version 5.0.0.
- Fixed below issues:
- The “Interval” field was not updated to default value when the endpoint was changed while configuring input.
- Future dates were accepted in the “Collect since timestamp” field while configuring the input.
- If no value was selected in the “Collect since timestamp” field, the default date of 90 days was not reflected in the UI while editing the input.
- Minor Bug Fixes and UI enhancements.
Note
This release introduces changes on the Inputs page, where a new input has been added and existing input has been renamed.
For more information about these changes and configuration guide, refer to the Configure inputs page.
Fixed issues¶
Version 3.5.0 of the Splunk Add-on for Box fixes the following fixed
issues.
Known issues¶
Version 3.5.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download: Splunk Add-on for Box third-party software credits
Version 3.4.1¶
Version 3.4.1 of the Splunk Add-on for Box was released on November 16, 2021.
Compatibility¶
Version 3.4.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 4.20.2 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
Fixed issues¶
Version 3.4.1 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 3.4.1 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download: Splunk Add-on for Box third-party software credits
Version 3.4.0¶
Version 3.4.0 of the Splunk Add-on for Box was released on October 15, 2021.
Compatibility¶
Version 3.4.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.0.x, 8.1.x, 8.2.x |
| CIM | 4.20.2 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features¶
Version 3.4.0 of the Splunk Add-on for Box contains the following new features:
- Enhanced CIM mappings and added support for the latest CIM version v4.20.2.
- Added support for the newly introduced DataAccess data model.
- Updated data model and CIM mappings for 31 event_types of
box:eventssourcetype to DataAccess data model. - Updated
actionandobject_attrsfield values forbox:eventssource type to CIM compliant values. - Changed mappings for
usersrc_userandobject(when object is a user) CIM fields to the unique login IDs. - Updated
user&descriptionCIM fields for thebox:userssource type. - Removed the CIM tags from the
ACCESS_GRANTEDandACCESS_REVOKEDeventsforbox:eventssource type.
Note
For more detailed CIM fields mapping changes see the tables below.
Note
The extractions for CIM fields user, src_user and object (when object is a user), have been updated to unique login IDs instead of the First and Last names as a part of this release which could be a breaking change for the content using these fields in the existing add-on version.
Data Model Changes¶
Version 3.4.0 of the Splunk Add-on for Box introduces data model changes
for the box:events sourcetype. See the following table for information
in data model changes:
| Source-type | Event_type | Previous Data Model | New Data Model |
|---|---|---|---|
['box:events'] |
ACCESS_GRANTED, ACCESS_REVOKED | Change:All | No Data Model |
['box:events'] |
APPLICATION_CREATED, OAUTH2_ACCESS_TOKEN_REVOKE | Change:All | Change:AccountManagement |
['box:events'] |
COPY, DELETE, DOWNLOAD, EDIT, ITEM_OPEN, ITEM_MODIFY, LOCK, UNLOCK, MOVE, PREVIEW, RENAME, UNSHARE, SHARE, STORAGE_EXPIRATION, TASK_ASSIGNMENT_CREATE, TASK_CREATE, TASK_ASSIGNMENT_UPDATE, UNDELETE, UPLOAD, WATERMARK_LABEL_CREATE, WATERMARK_LABEL_DELETE | Change:All | Data Access |
['box:events'] |
GROUP_CREATION, GROUP_EDITED, GROUP_DELETION, REMOVE_LOGIN_ACTIVITY_DEVICE | Change:AccountManagement | Change:All |
Field Mapping Changes¶
Version 3.4.0 of the Splunk Add-on for Box introduces field changes to
the box:events, box:file and box:users sourcetypes.
This table includes the events for which the datasets changed (within the same data model) but does not include events for which the data models were changed. For example, Change DM and is All_Changes data set is now Change DM with the data set Account_Management. See https://docs.splunk.com/Documentation/CIM/4.20.0/User/Change for more information.
Sourcetype - box:events field mapping changes¶
| Source-type | event_type | Fields added | Fields removed |
|---|---|---|---|
['box:events'] |
ADD_LOGIN_ACTIVITY_DEVICE | vendor_type, application_id, user_id, user_name | src_user |
['box:events'] |
ADMIN_LOGIN | user_name, user_id, signature, application_id, signature_id, user_role, vendor_type | src_user |
['box:events'] |
ADVANCED_FOLDER_SETTINGS_UPDATE | parent_object_id, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, owner | src_user |
['box:events'] |
ANNOTATIONV2_CREATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, action, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
APPLICATION_CREATED | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events'] |
CHANGE_ADMIN_ROLE | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events'] |
COLLABORATION_ACCEPT | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type | src_user |
['box:events'] |
COLLABORATION_EXPIRATION | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type|src_user | |
['box:events'] |
COLLABORATION_INVITE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type | src_user |
['box:events'] |
COLLABORATION_REMOVE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type | src_user |
['box:events'] |
COLLABORATION_ROLE_CHANGE | parent_object_id, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, owner | src_user |
['box:events'] |
COMMENT_CREATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
COMMENT_DELETE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
COMMENT_EDIT | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
CONTENT_ACCESS | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, action, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
CONTENT_WORKFLOW_POLICY_ADD | user_name, object_category, user_id, object, object_id, application_id, vendor_type | src_user |
['box:events'] |
CONTENT_WORKFLOW_POLICY_RETIRE | status, user_name, object_category, user_id, object, object_id, application_id, action, vendor_type | src_user |
['box:events'] |
DELETE_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events'] |
EDIT_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events'] |
FAILED_LOGIN | user_name, signature, application_id, signature_id, vendor_type | |
['box:events'] |
GROUP_ADD_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events'] |
GROUP_ADMIN_CREATED | src_user_name, user_name, user_id, application_id, vendor_type, user_type | |
['box:events'] |
GROUP_CREATION | vendor_type, application_id, user_id, user_name | src_user |
['box:events'] |
GROUP_EDITED, GROUP_DELETION | vendor_type, application_id, user_id, user_name | src_user |
['box:events'] |
GROUP_REMOVE_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events'] |
LOGIN | user_name, signature, application_id, signature_id, vendor_type | |
['box:events'] |
METADATA_INSTANCE_CREATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
METADATA_INSTANCE_DELETE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
METADATA_INSTANCE_UPDATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
METADATA_TEMPLATE_CREATE | user_name, object_category, user_id, object, object_id, application_id, vendor_type | src_user |
['box:events'] |
METADATA_TEMPLATE_UPDATE | user_name, object_category, user_id, object, object_id, application_id, vendor_type | src_user |
['box:events'] |
NEW_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events'] |
OAUTH2_ACCESS_TOKEN_REVOKE | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events'] |
REMOVE_LOGIN_ACTIVITY_DEVICE | vendor_type, application_id, user_id, user_name | src_user |
['box:events'] |
RETENTION_POLICY_ASSIGNMENT_ADD | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type | src_user |
['box:events'] |
SHARED_LINK_REDIRECT_OUT_OF_SHARED_CONTEXT | parent_object_id, owner, owner_email, user_name, id, description, user_id, owner_id, parent_object_category, severity, signature_id, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
SHARE_EXPIRATION | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
SHIELD_ALERT | user_name, id, description, user_id, signature, severity_id, severity, signature_id, application_id, vendor_type | src_user |
['box:events'] |
TASK_UPDATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events'] |
WORKFLOW_AUTOMATION_CREATE | user_name, user_id, application_id, action, vendor_type, status | src_user, object_id |
['box:events'] |
WORKFLOW_AUTOMATION_UPDATE | user_name, user_id, application_id, action, vendor_type, status | src_user, object_id |
Sourcetype - box:users field mapping changes¶
| Source-type | sourcetype | Fields added | Fields removed |
|---|---|---|---|
['box:users'] |
box:users | user_role |
Sourcetype - box:file field mapping changes¶
| Source-type | sourcetype | Fields added | Fields removed |
|---|---|---|---|
['box:file'] |
box:file | vendor_description |
Fixed issues¶
Version 3.4.0 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 3.4.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download: Splunk Add-on for Box third-party software credits
Version 3.3.2¶
Version 3.3.2 of the Splunk Add-on for Box was released on July 23, 2021.
Compatibility¶
Version 3.3.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.0.x, 8.1.x, 8.2.x |
| CIM | 4.18.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features¶
Version 3.3.2 of the Splunk Add-on for Box contains the following new features:
- Fast and intuitive UI with an improved look and feel.
- Fixed critical security issue by removing jquery2.
- Removed python2 support. Splunk only supports python3 and 8.x or above for future releases.
- Updated to the Box SDK version 2.12.0
- Compatibility with CIM version 4.18.1 and enhanced mappings:
- Mapped
box:fileComment, box:fileTask, box:folderCollaboration & box:groupssource types to Inventory DM. - Updated
destfield value fromcloudtobox.comwhich is more meaningful. - Removed
user_categoryfield from thebox:eventssource type. - Removed
enabled&serialfields from thebox:foldersource type. - Removed
serialfield from thebox:folderCollaborationsource type. - Removed
serial&user_categoryfield from thebox:userssource type. - Fixed issue where the data collection for all enabled inputs was triggered hourly instead of according to the provided Collection Interval.
- Fixed issue where data was collected for all the file, tasks, comments and folders instead of selected checkboxes for the Folders endpoint.
- Enhanced UI validations.
- Minor bug fixes.
Fixed issues¶
Version 3.3.2 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 3.3.2 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download: Splunk Add-on for Box third-party software credits
Version 3.2.0¶
Version 3.2.0 of the Splunk Add-on for Box was released on August 10, 2020.
Compatibility¶
Version 3.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.2.x, 7.3.x, 8.0.x, 8.1.x, 8.2.x |
| CIM | 4.15 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
Note
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features¶
Version 3.2.0 of the Splunk Add-on for Box contains the following new features:
- Enhanced ability to add offsets while scanning events to recover delayed events written by Box.
Fixed issues¶
Version 3.2.0 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 3.2.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Version 3.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
Version 3.1.0¶
Version 3.1.0 of the Splunk Add-on for Box was released on June 15, 2020.
Compatibility¶
Version 3.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.1.x, 7.2.x, 7.3.x, 8.0.x |
| CIM | 4.14 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features¶
Version 3.1.0 of the Splunk Add-on for Box contains the following new features:
- Enhanced compatibility with version 4.14 of the Common Information Model (CIM).
- Enhanced security features.
Fixed issues¶
Version 3.1.0 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 3.1.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Version 3.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
Version 3.0.1¶
Version 3.0.1 of the Splunk Add-on for Box was released on March 10, 2020.
Compatibility¶
Version 3.0.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0 |
| CIM | 4.14 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features¶
Version 3.0.1 of the Splunk Add-on for Box contains the following new features:
- Default support for Python3
Fixed issues¶
Version 3.0.1 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 3.0.1 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Version 3.0.1 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
- Box Python SDK
- enum34
- Httplib2 Python library
- PySocks
- requests
- requests-toolbelt
- SortedContainers
- UCC components
Version 3.0.0¶
Version 3.0.0 of the Splunk Add-on for Box was released on December 17, 2019.
Compatibility¶
Version 3.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0 |
| CIM | 4.14 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features¶
Version 3.0.0 of the Splunk Add-on for Box contains the following new features:
- Support for Python3
Fixed issues¶
Version 3.0.0 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 3.0.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Version 3.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
- Box Python SDK
- enum34
- Httplib2 Python library
- PySocks
- requests
- requests-toolbelt
- SortedContainers
- UCC components
Version 2.1.0¶
Version 2.1.0 of the Splunk Add-on for Box was released on August 19, 2019.
Compatibility¶
Version 2.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x |
| CIM | 4.13 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features¶
Version 2.1.0 of the Splunk Add-on for Box contains the following new features:
- Support for a configurable
disable_ssl_certificate_validationparameter. - Ability to identify whether Box files are publicly or privately shared.
- Ability to enable viewing of the entire parent structure of an asset.
Fixed issues¶
Version 2.1.0 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 2.1.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Version 2.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
- Box Python SDK
- enum34
- Httplib2 Python library
- PySocks
- requests
- requests-toolbelt
- SortedContainers
- UCC components
Version 2.0.0¶
Version 2.0.0 of the Splunk Add-on for Box was released on October 15, 2018.
The Splunk Add-on for Box version 2.0.0 introduces breaking changes. If you are upgrading from an earlier version of the Splunk Add-on for Box, you must follow the steps outlined in Upgrade Addon to prevent data loss.
Compatibility¶
Version 2.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x |
| CIM | 4.11 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features¶
Version 2.0.0 of the Splunk Add-on for Box contains the following new features:
- Improved alert messaging
- Support for multiple accounts
- To distinguish between data collected from different Box accounts,
the
sourcefield contains the Box URL next to the data input name.
Fixed issues¶
Version 2.0.0 of the Splunk Add-on for Box fixes the following issues:
Known issues¶
Version 2.0.0 of the Splunk Add-on for Box has the following known
issues.
Error: created_after is invalid since it is in the future¶
Version 2.0.0 of the Splunk Add-on for Box has a known issue with the
created_after field. It switches this value after initial data
ingestion. Complete the following steps to resolve this issue:
- From the UI of the Splunk Add-on for Box, disable your input.
- Delete the checkpoint file from
$SPLUNK_HOME/var/lib/splunk/modinputs/box_service/. - Update line 271 of
$SPLUNK_HOME/etc/apps/Splunk_TA_box/bin/box_data_loader.py. It readsbefore = datetime.strftime(before, self.time_fmt). Replace this line withbefore = datetime.strftime(min(before, datetime.utcnow()), self.time_fmt). - (Optional) Update your collect_since value to avoid data duplication.
- Enable your input again.
Third-party software attributions¶
Version 2.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
Version 1.2.0¶
Version 1.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
About this release¶
| Splunk platform versions | 6.5.x, 6.6.x, 7.0.x, 7.1.x, 7.2.x |
| CIM | 4.11 |
| Platforms | Linux |
| Vendor Products | Box |
This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.
New features¶
Version 1.2.0 of the Splunk Add-on for Box contains the following new features:
- Support for SSL intercept mode in proxy.
Fixed issues¶
Version 1.2.0 of the Splunk Add-on for Box fixes the following issues.
Known issues¶
Version 1.2.0 of the Splunk Add-on for Box has the following known
issues.
Third-party software attributions¶
Version 1.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.
Version 1.1.1¶
Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
About this release¶
Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.4.x and later |
| CIM | 4.1 and later |
| Platforms | Linux |
| Vendor Products | Box |
This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.
Version 1.1.0¶
Version 1.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.3.x and later |
| CIM | 4.1 and later |
| Platforms | Linux |
| Vendor Products | Box |
This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.
New features¶
Version 1.1.0 of the Splunk Add-on for Box fixes the following new features.
| Date | Issue number | Description |
|---|---|---|
| 2016/06/13 | ADDON-6817 | After you install the Splunk Add-on for Box on the search head, the Splunk platform no longer prompts you to perform any add-on setup, which is not required on the search head. |
| 2016/06/09 | ADDON-8414 | New pre-built panel for troubleshooting API errors. |
| 2016-06-02 | ADDON-6087 | The Splunk Add-on for Box now uses Box SDK for authentication, token refreshing, and auto retry on error. |
| 2016-06-02 | ADDON-9769 | Adjusted the order of the Box File API calls. |
| 2016-06-02 | ADDON-8415 | Prevented unnecessary Box API calls when a file does not exist. |
| 2016-05-25 | ADDON-9464 | Support for Box Verified Enterprise (BVE). |
Fixed issues¶
Version 1.1.0 of the Splunk Add-on for Box fixes the following issues.
Known issues¶
Version 1.1.0 of the Splunk Add-on for Box has the following known issues.
Third-party software attributions¶
Version 1.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.
Version 1.0.2¶
Version 1.0.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.1.x and above |
| CIM | 4.1 and above |
| Platforms | Linux |
| Vendor Products | Box |
Fixed issues¶
Version 1.0.2 of the Splunk Add-on for Box fixes the following issues.
Known issues¶
Version 1.0.2 of the Splunk Add-on for Box has the following known issues.
Third-party software attributions¶
Version 1.0.2 of the Splunk Add-on for Box incorporates the
Version 1.0.1¶
Version 1.0.1 of the Splunk Add-on for Box has the same compatibility specifications as version 1.0.2.
Migration notes¶
In order to fix an issue with gathering events from the Box API, the 1.0.1 release adjusted the behavior of the event input. No specific migration activity is required as a result of these changes.
The event input now collects only one year’s worth of historical events when you enable the event for the first time, instead of all events. This does not affect users upgrading from version 1.0.0. However, you can now set the date from which event data should be corrected using the configuration file. See the input configuration for details.
Also, in version 1.0.1, the event input collects data in intervals of 30 seconds by default. This is a change from the previous setting of 20 seconds. Any existing event inputs set to the default interval are automatically adjusted to 30 seconds in this release. You can edit the interval at any time.
Fixed issues¶
Version 1.0.1 of the Splunk Add-on for Box fixed the following issue.
Known issues¶
Version 1.0.1 of the Splunk Add-on for Box had the following known issues.
Third-party software attributions¶
Version 1.0.1 of the Splunk Add-on for Box incorporates the
Version 1.0.0¶
Version 1.0.0 of the Splunk Add-on for Box has the same compatibility specifications as Version 1.0.1.
New features¶
Version 1.0.0 of the Splunk Add-on for Box had the following new features.
| Date | Issue number | Description |
| 03/23/15 | ADDON-1389 | New Splunk-supported add-on with inputs for enterprise events, file and folder metadata, collaboration information, and user and user group data, CIM mapping, and prebuilt panels. |
Known issues¶
Version 1.0.0 of the Splunk Add-on for Box had the following known issues.
Third-party software attributions¶
Version 1.0.0 of the Splunk Add-on for Box incorporates the