Configure credentials on Box for the Splunk Add-on for Box
Box uses OAuth 2.0 for authentication and authorization. For the Splunk Add-on for Box to collect data from the Box APIs, you must obtain an OAuth 2.0 client ID and client secret from Box. Before you attempt to set up the Splunk Add-on for Box, use the following steps to configure a Box client app and obtain these credentials.
Refer to Box documentation for more details and additional reference information.
- Log in to Box using an existing Box account.
The role of the Box account that you use for this configuration step affects the scope of the data you can gather with the add-on. The account and the credentials are persistent, explicitly have more than read-only permissions in Box, and and not just used to establish an API key for the nodes to communicate:
- If you use a Box account with the admin role, the add-on has permissions to gather all metadata of all files and folders and all enterprise events for your entire organization through the Box APIs.
- If you use a Box account with a co-admin role, you need to enable the permission to "Run new reports and access existing reports" for that account.
- If you use an account with a user role, you may not be able to collect all data.
- Go to https://app.box.com/master/settings/apps. Admin role will be required to access these settings.
- Select Individual Application Controls.
- Search for Splunk Add-on for Box in the search bar.
- Hover over it and select Configure. Box displays a configuration window with Splunk Add-on settings.
- In the Additional Configuration section, select + Add Integration Credentials.
- (Optional) Change the default name of the integration credentials and select Save.
- Next to OAuth 2.0 Redirect URI, in the Redirect URI field, enter the SSL-secured HTTPS URI of the Splunk Platform instance that you want to be responsible for data collection from Box, usually a heavy forwarder. For example, if the URL of your heavy forwarder is
http://<host>:8000/en-US/app/Splunk_TA_box/splunk_ta_box_redirect
, then the redirect URI is exactly the same as this. The OAuth 2.0 specification only supports HTTPS redirects, which means you need turn on SSL for Splunk Web on the instance you are using for Box data collection. Refer to Turn on encryption (https) with Splunk Web in the Splunk Enterprise security documentation for details on how to turn on SSL for Splunk Web. - In Application Scopes, select the following options based on the data you want to pull from your Box account:
Application Scope Uses Read all files and folders stored in Box. Gets data of Folders
endpoint (Collect folder metadata, Collect folder collaboration, Collect file metadata).Read and write all files and folders in Box. Gets data of Folders
endpoint (Collect tasks and comments).Manage users. Gets data of Users
endpointManage groups. Gets data of Groups
endpointManage enterprise properties. Gets data of Events
endpointIf the application scopes are changed after configuring your account in the Splunk Add-on for Box, the Box account will have to be reconfigured in the Box add-on to generate a new token with the upgraded, and downgraded access.
- Note down the Client ID and Client Secret in OAuth 2.0 Credentials. You need this when you set up the Splunk Add-on for Box.
- Click Save Changes.
Upgrade the Splunk Add-on for Box | Set up the Splunk Add-on for Box |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!