Release history for the Splunk Add-on for Box
The latest version of the Splunk Add-on for Box is version 3.11.0. See Release notes for the Splunk Add-on for Box for the release notes of this latest version.
Version 3.10.1 of the Splunk Add-on for Box was released on December 22, 2023.
Compatibility
Version 3.10.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 9.0.x, 9.1.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.10.1 of the Splunk Add-on for Box contains the following new features:
Fixed the security vulnerabilities found in the certifi and urllib3 libraries by upgrading their version from 2022.12.7 to 2023.11.17, 1.26.6 to 1.26.18 respectively.
Fixed issues
Version 3.10.1 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:
Known issues
Version 3.10.1 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2023-04-04 | ADDON-61684 | Box Historic Inputs are reinvoked early regardless of Interval value due to access token expiration |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.
Version 3.10.0
Version 3.10.0 of the Splunk Add-on for Box was released on December 22, 2023.
Compatibility
Version 3.10.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.10.0 of the Splunk Add-on for Box contains the following new features:
- Added support for Box SDK v3.7.2
Fixed issues
Version 3.10.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:
| Date resolved | Issue number | Description |
|---|---|---|
| 2023-06-27 | ADDON-62546 | OAuth account creation leads to 403 error when the redirect URI contains an IP address |
Known issues
Version 3.10.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2023-04-04 | ADDON-61684 | Box Historic Inputs are reinvoked early regardless of Interval value due to access token expiration |
| 2021-06-14 | ADDON-38127 | Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side) |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.
Version 3.9.0
Version 3.9.0 of the Splunk Add-on for Box was released on October 27, 2022.
Compatibility
Version 3.9.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.9.0 of the Splunk Add-on for Box contains the following new features:
- Added support for Box SDK v3.5.1
- Modified timestamp field extraction to be extracted from "modified_at"
- These sourcetypes will be affected due to this change:
box:usersbox:folderbox:folderCollabrationbox:filebox:fileComment
- Minor Bug fixes and enhancements
This change regarding timestamp field extraction won't apply to already indexed events
Fixed issues
Version 3.9.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:
Known issues
Version 3.9.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2023-05-26 | ADDON-62546 | OAuth account creation leads to 403 error when the redirect URI contains an IP address |
| 2023-04-04 | ADDON-61684 | Box Historic Inputs are reinvoked early regardless of Interval value due to access token expiration |
| 2021-06-14 | ADDON-38127 | Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side) |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.
Version 3.8.0
Version 3.8.0 of the Splunk Add-on for Box was released on October 27, 2022.
Compatibility
Version 3.8.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.8.0 of the Splunk Add-on for Box contains the following new features:
- Uses KV-store for checkpointing instead of files for better reliability and performance.
Confirm that you enabled the KV Store service on your Splunk instance. Refer to Troubleshooting to check the status of your KV Store service.
For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.
Fixed issues
Version 3.8.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:
Known issues
Version 3.8.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2021-06-14 | ADDON-38127 | Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side) |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.
Version 3.7.0
Compatibility
Version 3.7.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.7.0 of the Splunk Add-on for Box contains the following new features:
- Added support for Box SDK v3.3.0.
For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.
Fixed issues
Version 3.7.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:
Known issues
Version 3.7.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2022-10-11 | ADDON-56521 | Data collection is starting from the configured date as checkpoint is getting reset hence data duplication is observed |
| 2021-06-14 | ADDON-38127 | Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side) |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.
Version 3.6.0
Version 3.6.0 of the Splunk Add-on for Box was released on April 21, 2022.
Compatibility
Version 3.6.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 5.0.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.6.0 of the Splunk Add-on for Box contains the following new features:
- Compatibility with CIM version 5.0.1
- Updated to version 3.2.0 of the Box SDK.
- SSL Certificate Management Solution.
- Added Support for Box Shield Events.
- CIM Mapping and Enhancements for events associated with the
SHIELD_ALERTBox Event_type, which maps to these 4 Source Types for Threat Detection Alerts:- Suspicious locations
- Suspicious sessions
- Anomalous downloads
- Malicious content
- CIM Mapping and Enhancements for events associated with the
- Mapped the following Box Event_types with the
box:eventssource type to the Account_Management data model.- EMAIL_ALIAS_REMOVE
- EMAIL_ALIAS_ADD_UNCONFIRMED
- EMAIL_ALIAS_CONFIRM
- Mapped the following Box Event_type with the
box:eventssource type to the All_Changes data model.- UPDATE_SHARE_EXPIRATION
For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.
Data Model Changes
Version 3.6.0 of the Splunk Add-on for Box introduces data model changes for the box:events source type.
See the following table for the data model changes:
| Source type | Box Event_type | Previous Data Model | New Data Model |
|---|---|---|---|
['box:events']
|
EMAIL_ALIAS_REMOVE, EMAIL_ALIAS_ADD_UNCONFIRMED, EMAIL_ALIAS_CONFIRM | Change:Account_Management | |
['box:events']
|
UPDATE_SHARE_EXPIRATION | Change:All_Changes | |
['box:events']
|
SHIELD_ALERT | Alerts:Alerts | Malware:Malware_Attacks |
For the SHIELD_ALERT Box Event_type, Malicious Content Events are mapped to the Malware:Malware_Attacks Data Model and remaining events are mapped to the Alerts Data Model.
Field Mapping Changes
Version 3.6.0 of the Splunk Add-on for Box introduces field changes to the box:events source type.
This table includes the events for the updated datasets (within the same data model) but does not include events for those updated data models.
Field mapping changes for the box:events source type
| Source type | Box Event_type | Fields added | Fields removed | Fields modified |
|---|---|---|---|---|
['box:events']
|
EMAIL_ALIAS_REMOVE | src_user, src_user_name | object_attrs | |
['box:events']
|
UPDATE_SHARE_EXPIRATION | object_attrs | ||
['box:events']
|
EMAIL_ALIAS_ADD_UNCONFIRMED | action, status, src_user, src_user_name | object_attrs | |
['box:events']
|
EMAIL_ALIAS_CONFIRM | src_user, src_user_name | object_attrs | |
['box:events']
|
SHIELD_ALERT | file_hash, file_name | src |
Sample values for modified source types
The following tables display the field changes for the box:events source type.
box:events source type field changes
| Box Event_type | Field modified | Sample Value for Modified fields in 3.5.0 | Sample Value for Modified fields in 3.6.0 |
|---|---|---|---|
| UPDATE_SHARE_EXPIRATION | object_attrs
|
directory |
expiration |
| EMAIL_ALIAS_REMOVE, EMAIL_ALIAS_CONFIRM, EMAIL_ALIAS_ADD_UNCONFIRMED | object_attrs
|
user |
email alias |
| SHIELD_ALERT | src
|
Unknown IP |
117.99.61.179 |
Fixed issues
Version 3.6.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:
Known issues
Version 3.6.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2022-10-11 | ADDON-56521 | Data collection is starting from the configured date as checkpoint is getting reset hence data duplication is observed |
| 2022-05-16 | ADDON-51742 | The issue is with the field "account_id" where the user is getting "NONE" as output in events repetitively. |
| 2021-06-14 | ADDON-38127 | Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side) |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.
Version 3.5.0
Version 3.5.0 of the Splunk Add-on for Box was released on February 2, 2022.
Compatibility
Version 3.5.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 5.0.0 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New Features
Version 3.5.0 of the Splunk Add-on for Box contains the following new features:
- Updated to the Box SDK version 2.14.0.
- Introduced a new Input which supports Box Enterprise Event Stream API.
- Compatibility with CIM version 5.0.0.
- Fixed below issues:
- The "Interval" field was not updated to default value when the endpoint was changed while configuring input.
- Future dates were accepted in the "Collect since timestamp" field while configuring the input.
- If no value was selected in the "Collect since timestamp" field, the default date of 90 days was not reflected in the UI while editing the input.
- Minor Bug Fixes and UI enhancements.
This release introduces changes on the Inputs page, where a new input has been added and existing input has been renamed.
For more information about these changes and configuration guide, refer to the Configure inputs for the Splunk Add-on for Box page.
Fixed issues
Version 3.5.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:
Known issues
Version 3.5.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2022-05-16 | ADDON-51742 | The issue is with the field "account_id" where the user is getting "NONE" as output in events repetitively. |
| 2021-06-14 | ADDON-38127 | Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side) |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.
Version 3.4.1
Version 3.4.1 of the Splunk Add-on for Box was released on November 16, 2021.
Compatibility
Version 3.4.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x |
| CIM | 4.20.2 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
Fixed issues
Version 3.4.1 of the Splunk Add-on for Box fixes the following issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2021-11-09 | ADDON-42982 | Data collection is not working using proxy |
Known issues
Version 3.4.1 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.
Version 3.4.0
Version 3.4.0 of the Splunk Add-on for Box was released on October 15, 2021.
Compatibility
Version 3.4.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.0.x, 8.1.x, 8.2.x |
| CIM | 4.20.2 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 3.4.0 of the Splunk Add-on for Box contains the following new features:
- Enhanced CIM mappings and added support for the latest CIM version v4.20.2.
- Added support for the newly introduced DataAccess data model.
- Updated data model and CIM mappings for 31 event_types of
box:eventssourcetype to DataAccess data model. - Updated
actionandobject_attrsfield values forbox:eventssource type to CIM compliant values.
- Updated data model and CIM mappings for 31 event_types of
- Changed mappings for
usersrc_userandobject(when object is a user) CIM fields to the unique login IDs. - Updated
user&descriptionCIM fields for thebox:userssource type. - Removed the CIM tags from the
ACCESS_GRANTEDandACCESS_REVOKEDeventsforbox:eventssource type.
For more detailed CIM fields mapping changes see the tables below.
The extractions for CIM fields user, src_user and object (when object is a user), have been updated to unique login IDs instead of the First and Last names as a part of this release which could be a breaking change for the content using these fields in the existing add-on version.
Data Model Changes
Version 3.4.0 of the Splunk Add-on for Box introduces data model changes for the box:events sourcetype.
See the following table for information in data model changes:
| Source-type | Event_type | Previous Data Model | New Data Model |
|---|---|---|---|
['box:events']
|
ACCESS_GRANTED, ACCESS_REVOKED | Change:All | No Data Model |
['box:events']
|
APPLICATION_CREATED, OAUTH2_ACCESS_TOKEN_REVOKE | Change:All | Change:AccountManagement |
['box:events']
|
COPY, DELETE, DOWNLOAD, EDIT, ITEM_OPEN, ITEM_MODIFY, LOCK, UNLOCK, MOVE, PREVIEW, RENAME, UNSHARE, SHARE, STORAGE_EXPIRATION, TASK_ASSIGNMENT_CREATE, TASK_CREATE, TASK_ASSIGNMENT_UPDATE, UNDELETE, UPLOAD, WATERMARK_LABEL_CREATE, WATERMARK_LABEL_DELETE | Change:All | Data Access |
['box:events']
|
GROUP_CREATION, GROUP_EDITED, GROUP_DELETION, REMOVE_LOGIN_ACTIVITY_DEVICE | Change:AccountManagement | Change:All |
Field Mapping Changes
Version 3.4.0 of the Splunk Add-on for Box introduces field changes to the box:events, box:file and box:users sourcetypes.
This table includes the events for which the datasets changed (within the same data model) but does not include events for which the data models were changed. For example, Change DM and is All_Changes data set is now Change DM with the data set Account_Management. See https://docs.splunk.com/Documentation/CIM/4.20.0/User/Change for more information.
Sourcetype - box:events field mapping changes
| Source-type | event_type | Fields added | Fields removed |
|---|---|---|---|
['box:events']
|
ADD_LOGIN_ACTIVITY_DEVICE | vendor_type, application_id, user_id, user_name | src_user |
['box:events']
|
ADMIN_LOGIN | user_name, user_id, signature, application_id, signature_id, user_role, vendor_type | src_user |
['box:events']
|
ADVANCED_FOLDER_SETTINGS_UPDATE | parent_object_id, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, owner | src_user |
['box:events']
|
ANNOTATIONV2_CREATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, action, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
APPLICATION_CREATED | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events']
|
CHANGE_ADMIN_ROLE | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events']
|
COLLABORATION_ACCEPT | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type | src_user |
['box:events']
|
COLLABORATION_EXPIRATION | src_user | |
['box:events']
|
COLLABORATION_INVITE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type | src_user |
['box:events']
|
COLLABORATION_REMOVE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type | src_user |
['box:events']
|
COLLABORATION_ROLE_CHANGE | parent_object_id, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, owner | src_user |
['box:events']
|
COMMENT_CREATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
COMMENT_DELETE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
COMMENT_EDIT | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
CONTENT_ACCESS | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, action, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
CONTENT_WORKFLOW_POLICY_ADD | user_name, object_category, user_id, object, object_id, application_id, vendor_type | src_user |
['box:events']
|
CONTENT_WORKFLOW_POLICY_RETIRE | status, user_name, object_category, user_id, object, object_id, application_id, action, vendor_type | src_user |
['box:events']
|
DELETE_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events']
|
EDIT_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events']
|
FAILED_LOGIN | user_name, signature, application_id, signature_id, vendor_type | |
['box:events']
|
GROUP_ADD_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events']
|
GROUP_ADMIN_CREATED | src_user_name, user_name, user_id, application_id, vendor_type, user_type | |
['box:events']
|
GROUP_CREATION | vendor_type, application_id, user_id, user_name | src_user |
['box:events']
|
GROUP_EDITED, GROUP_DELETION | vendor_type, application_id, user_id, user_name | src_user |
['box:events']
|
GROUP_REMOVE_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events']
|
LOGIN | user_name, signature, application_id, signature_id, vendor_type | |
['box:events']
|
METADATA_INSTANCE_CREATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
METADATA_INSTANCE_DELETE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
METADATA_INSTANCE_UPDATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
METADATA_TEMPLATE_CREATE | user_name, object_category, user_id, object, object_id, application_id, vendor_type | src_user |
['box:events']
|
METADATA_TEMPLATE_UPDATE | user_name, object_category, user_id, object, object_id, application_id, vendor_type | src_user |
['box:events']
|
NEW_USER | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events']
|
OAUTH2_ACCESS_TOKEN_REVOKE | src_user_name, user_name, user_id, application_id, vendor_type | |
['box:events']
|
REMOVE_LOGIN_ACTIVITY_DEVICE | vendor_type, application_id, user_id, user_name | src_user |
['box:events']
|
RETENTION_POLICY_ASSIGNMENT_ADD | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type | src_user |
['box:events']
|
SHARED_LINK_REDIRECT_OUT_OF_SHARED_CONTEXT | parent_object_id, owner, owner_email, user_name, id, description, user_id, owner_id, parent_object_category, severity, signature_id, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
SHARE_EXPIRATION | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
SHIELD_ALERT | user_name, id, description, user_id, signature, severity_id, severity, signature_id, application_id, vendor_type | src_user |
['box:events']
|
TASK_UPDATE | parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size | src_user |
['box:events']
|
WORKFLOW_AUTOMATION_CREATE | user_name, user_id, application_id, action, vendor_type, status | src_user, object_id |
['box:events']
|
WORKFLOW_AUTOMATION_UPDATE | user_name, user_id, application_id, action, vendor_type, status | src_user, object_id |
Sourcetype - box:users field mapping changes
| Source-type | sourcetype | Fields added | Fields removed |
|---|---|---|---|
['box:users']
|
box:users | user_role |
Sourcetype - box:file field mapping changes
| Source-type | sourcetype | Fields added | Fields removed |
|---|---|---|---|
['box:file']
|
box:file | vendor_description |
Fixed issues
Version 3.4.0 of the Splunk Add-on for Box fixes the following issues:
Known issues
Version 3.4.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2021-10-04 | ADDON-42982 | Data collection is not working using proxy |
| 2021-06-14 | ADDON-38127 | Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side) |
| 2019-11-07 | ADDON-24294 | Getting ERROR exception logs in splunkd.log for Inputs Page |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.
Version 3.3.2
Version 3.3.2 of the Splunk Add-on for Box was released on July 23, 2021.
Compatibility
Version 3.3.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.0.x, 8.1.x, 8.2.x |
| CIM | 4.18.1 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 3.3.2 of the Splunk Add-on for Box contains the following new features:
- Fast and intuitive UI with an improved look and feel.
- Fixed critical security issue by removing jquery2.
- Removed python2 support. Splunk only supports python3 and 8.x or above for future releases.
- Updated to the Box SDK version 2.12.0
- Compatibility with CIM version 4.18.1 and enhanced mappings:
- Mapped
box:fileComment, box:fileTask, box:folderCollaboration & box:groupssource types to Inventory DM. - Updated
destfield value fromcloudtobox.comwhich is more meaningful. - Removed
user_categoryfield from thebox:eventssource type. - Removed
enabled&serialfields from thebox:foldersource type. - Removed
serialfield from thebox:folderCollaborationsource type. - Removed
serial&user_categoryfield from thebox:userssource type.
- Mapped
- Fixed issue where the data collection for all enabled inputs was triggered hourly instead of according to the provided Collection Interval.
- Fixed issue where data was collected for all the file, tasks, comments and folders instead of selected checkboxes for the Folders endpoint.
- Enhanced UI validations.
- Minor bug fixes.
Fixed issues
Version 3.3.2 of the Splunk Add-on for Box fixes the following issues:
Known issues
Version 3.3.2 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2021-10-04 | ADDON-42982 | Data collection is not working using proxy |
| 2021-06-14 | ADDON-38127 | Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side) |
| 2019-11-07 | ADDON-24294 | Getting ERROR exception logs in splunkd.log for Inputs Page |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.
Version 3.2.0
Version 3.2.0 of the Splunk Add-on for Box was released on August 10, 2020.
Compatibility
Version 3.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.2.x, 7.3.x, 8.0.x, 8.1.x, 8.2.x |
| CIM | 4.15 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 3.2.0 of the Splunk Add-on for Box contains the following new features:
- Enhanced ability to add offsets while scanning events to recover delayed events written by Box.
Fixed issues
Version 3.2.0 of the Splunk Add-on for Box fixes the following issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-07-07 | ADDON-27168 | Box TA appears to be cross ingesting data between multiple clientid's |
Known issues
Version 3.2.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2020-08-05 | ADDON-28286 | Checkbox to collect tasks and comments is not working for Folders Endpoint |
| 2020-02-04 | ADDON-25183, ADDON-25885 | Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4 Workaround: Customer can switch to any other Splunk version compatible with all their apps and add-ons. |
| 2019-11-07 | ADDON-24294 | Getting ERROR exception logs in splunkd.log for Inputs Page |
Third-party software attributions
Version 3.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
Version 3.1.0
Version 3.1.0 of the Splunk Add-on for Box was released on June 15, 2020.
Compatibility
Version 3.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.1.x, 7.2.x, 7.3.x, 8.0.x |
| CIM | 4.14 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features
Version 3.1.0 of the Splunk Add-on for Box contains the following new features:
- Enhanced compatibility with version 4.14 of the Common Information Model (CIM).
- Enhanced security features.
Fixed issues
Version 3.1.0 of the Splunk Add-on for Box fixes the following issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2020-05-21 | ADDON-26464 | The Box API endpoint doesn't collect data with configured interval for users and groups |
| 2020-05-19 | ADDON-24900 | Every time splunk is restarted, box add-on requires re-entering of credentials |
| 2020-05-07 | ADDON-26426 | Unable to collect data using socks5 proxy |
Known issues
Version 3.1.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2020-08-05 | ADDON-28286 | Checkbox to collect tasks and comments is not working for Folders Endpoint |
| 2020-06-16 | ADDON-27168 | Box TA appears to be cross ingesting data between multiple clientid's |
| 2019-11-07 | ADDON-24294 | Getting ERROR exception logs in splunkd.log for Inputs Page |
Third-party software attributions
Version 3.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
Version 3.0.1
Version 3.0.1 of the Splunk Add-on for Box was released on March 10, 2020.
Compatibility
Version 3.0.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0 |
| CIM | 4.14 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features
Version 3.0.1 of the Splunk Add-on for Box contains the following new features:
- Default support for Python3
Fixed issues
Version 3.0.1 of the Splunk Add-on for Box fixes the following issues:
Known issues
Version 3.0.1 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2020-06-16 | ADDON-27168 | Box TA appears to be cross ingesting data between multiple clientid's |
| 2020-05-26 | ADDON-26828 | Addons unable to load UI or collect data on Splunk 8.0.4, 8.0.2004 and Splunk 8.0.5 Workaround: As a manual workaround, the "import html" statement on Line 16 of splunk/lib/python3.7/site-packages/splunk/util.py file could be commented out, which does not require Splunk restart to take affect. |
| 2020-05-07 | ADDON-26464 | The Box API endpoint doesn't collect data with configured interval for users and groups |
| 2020-05-05 | ADDON-26426 | Unable to collect data using socks5 proxy |
| 2020-02-04 | ADDON-25183, ADDON-25885 | Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4 Workaround: Customer can switch to any other Splunk version compatible with all their apps and add-ons. |
| 2019-11-07 | ADDON-24294 | Getting ERROR exception logs in splunkd.log for Inputs Page |
Third-party software attributions
Version 3.0.1 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
- Box Python SDK
- enum34
- Httplib2 Python library
- PySocks
- requests
- requests-toolbelt
- SortedContainers
- UCC components
Version 3.0.0
Version 3.0.0 of the Splunk Add-on for Box was released on December 17, 2019.
Compatibility
Version 3.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0 |
| CIM | 4.14 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features
Version 3.0.0 of the Splunk Add-on for Box contains the following new features:
- Support for Python3
Fixed issues
Version 3.0.0 of the Splunk Add-on for Box fixes the following issues:
Known issues
Version 3.0.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2020-05-26 | ADDON-26828 | Addons unable to load UI or collect data on Splunk 8.0.4, 8.0.2004 and Splunk 8.0.5 Workaround: As a manual workaround, the "import html" statement on Line 16 of splunk/lib/python3.7/site-packages/splunk/util.py file could be commented out, which does not require Splunk restart to take affect. |
| 2020-02-04 | ADDON-25183, ADDON-25885 | Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4 Workaround: Customer can switch to any other Splunk version compatible with all their apps and add-ons. |
| 2020-01-21 | ADDON-24900 | Every time splunk is restarted, box add-on requires re-entering of credentials |
| 2019-11-07 | ADDON-24294 | Getting ERROR exception logs in splunkd.log for Inputs Page |
Third-party software attributions
Version 3.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
- Box Python SDK
- enum34
- Httplib2 Python library
- PySocks
- requests
- requests-toolbelt
- SortedContainers
- UCC components
Version 2.1.0
Version 2.1.0 of the Splunk Add-on for Box was released on August 19, 2019.
Compatibility
Version 2.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x |
| CIM | 4.13 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features
Version 2.1.0 of the Splunk Add-on for Box contains the following new features:
- Support for a configurable
disable_ssl_certificate_validationparameter. - Ability to identify whether Box files are publicly or privately shared.
- Ability to enable viewing of the entire parent structure of an asset.
Fixed issues
Version 2.1.0 of the Splunk Add-on for Box fixes the following issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2019-06-27 | ADDON-20371, ADDON-20370, ADDON-20372 | Box Add-on uses packaging toolkit v1.0.0 instead of v0.8.0 |
| 2019-06-27 | ADDON-21544 | Default value of "Redirect URL" field in "Add Box Account" dialog |
| 2019-02-12 | ADDON-20572 | HTTP 400 Bad request: "created_after is invalid since it is in the future" Date on the server is correct. |
Known issues
Version 2.1.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.
Third-party software attributions
Version 2.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
Version 2.0.0
Version 2.0.0 of the Splunk Add-on for Box was released on October 15, 2018.
The Splunk Add-on for Box version 2.0.0 introduces breaking changes. If you are upgrading from an earlier version of the Splunk Add-on for Box, you must follow the steps outlined in Upgrade the Splunk Add-on for Box to prevent data loss.
Compatibility
Version 2.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 6.6.x, 7.0.x, 7.1.x, 7.2.x |
| CIM | 4.11 |
| Platforms | Linux and Windows |
| Vendor Products | Box |
New features
Version 2.0.0 of the Splunk Add-on for Box contains the following new features:
- Improved alert messaging
- Support for multiple accounts
- To distinguish between data collected from different Box accounts, the
sourcefield contains the Box URL next to the data input name.
- To distinguish between data collected from different Box accounts, the
Fixed issues
Version 2.0.0 of the Splunk Add-on for Box fixes the following issues:
| Date resolved | Issue number | Description |
|---|---|---|
| 2018-09-06 | ADDON-14136 | Proxy info is not updating |
| 2018-09-06 | ADDON-14135 | When configured through .conf files, proxy secret does not get encrypted until data input is enabled |
| 2018-09-06 | ADDON-14082 | Unable to grant access on Windows |
| 2018-08-31 | ADDON-19190 | box.conf.spec is missing from README folder |
Known issues
Version 2.0.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported:
| Date filed | Issue number | Description |
|---|---|---|
| 2019-03-21 | ADDON-21544 | Default value of "Redirect URL" field in "Add Box Account" dialog |
| 2018-12-11 | ADDON-20572 | HTTP 400 Bad request: "created_after is invalid since it is in the future" Date on the server is correct. |
| 2018-11-26 | ADDON-20371, ADDON-20370, ADDON-20372 | Box Add-on uses packaging toolkit v1.0.0 instead of v0.8.0 |
Error: created_after is invalid since it is in the future
Version 2.0.0 of the Splunk Add-on for Box has a known issue with the created_after field. It switches this value after initial data ingestion. Complete the following steps to resolve this issue:
- From the UI of the Splunk Add-on for Box, disable your input.
- Delete the checkpoint file from
$SPLUNK_HOME/var/lib/splunk/modinputs/box_service/. - Update line 271 of
$SPLUNK_HOME/etc/apps/Splunk_TA_box/bin/box_data_loader.py. It readsbefore = datetime.strftime(before, self.time_fmt). Replace this line withbefore = datetime.strftime(min(before, datetime.utcnow()), self.time_fmt). - (Optional) Update your collect_since value to avoid data duplication.
- Enable your input again.
Third-party software attributions
Version 2.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:
Version 1.2.0
Version 1.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
About this release
| Splunk platform versions | 6.5.x, 6.6.x, 7.0.x, 7.1.x, 7.2.x |
| CIM | 4.11 |
| Platforms | Linux |
| Vendor Products | Box |
This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.
New features
Version 1.2.0 of the Splunk Add-on for Box contains the following new features:
- Support for SSL intercept mode in proxy.
Fixed issues
Version 1.2.0 of the Splunk Add-on for Box fixes the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2018-02-05 | ADDON-15564 | source_item_name field not extracted correctly |
| 2018-01-31 | ADDON-16795 | Added log messages in ta_box.log for files that are not supported for previews |
Known issues
Version 1.2.0 of the Splunk Add-on for Box has the following known issues.
If no issues appear below, no issues have yet been reported.
| Date filed | Issue number | Description |
|---|---|---|
| 2018-08-26 | ADDON-19190 | box.conf.spec is missing from README folder |
| 2017-03-15 | ADDON-14135 | When configured through .conf files, proxy secret does not get encrypted until data input is enabled Workaround: Configure proxy through the setup page |
| 2017-03-15 | ADDON-14136 | Proxy info is not updating Workaround: From the Box Grant page, wait several seconds before clicking "Grant access to Box". |
| 2017-03-12 | ADDON-14082 | Unable to grant access on Windows |
Third-party software attributions
Version 1.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.
Version 1.1.1
Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
About this release
Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.4.x and later |
| CIM | 4.1 and later |
| Platforms | Linux |
| Vendor Products | Box |
This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.
Version 1.1.0
Version 1.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.3.x and later |
| CIM | 4.1 and later |
| Platforms | Linux |
| Vendor Products | Box |
This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.
New features
Version 1.1.0 of the Splunk Add-on for Box fixes the following new features.
| Date | Issue number | Description |
|---|---|---|
| 2016/06/13 | ADDON-6817 | After you install the Splunk Add-on for Box on the search head, the Splunk platform no longer prompts you to perform any add-on setup, which is not required on the search head. |
| 2016/06/09 | ADDON-8414 | New pre-built panel for troubleshooting API errors. |
| 2016-06-02 | ADDON-6087 | The Splunk Add-on for Box now uses Box SDK for authentication, token refreshing, and auto retry on error. |
| 2016-06-02 | ADDON-9769 | Adjusted the order of the Box File API calls. |
| 2016-06-02 | ADDON-8415 | Prevented unnecessary Box API calls when a file does not exist. |
| 2016-05-25 | ADDON-9464 | Support for Box Verified Enterprise (BVE). |
Fixed issues
Version 1.1.0 of the Splunk Add-on for Box fixes the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 2016-06-23 | ADDON-4508 | If you update the setup page and enter a start date in the wrong
format, the updates are not applied. |
| 2016-05-25 | ADDON-8987 | Timestamps not extracted correctly. |
| 2016-02-02 | ADDON-7268 | Unexpected error message: Failed to get box.conf. |
Known issues
Version 1.1.0 of the Splunk Add-on for Box has the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2016-10-20 | ADDON-11148 | The Splunk Add-on for Box does not index private files and folders not owned by the admin. |
| 2016-06-21 | ADDON-10293 | requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
|
| 2016-06-16 | ADDON-10231 | Folders with only group member assigned as Collaborator are not indexed. |
Third-party software attributions
Version 1.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.
Version 1.0.2
Version 1.0.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 6.1.x and above |
| CIM | 4.1 and above |
| Platforms | Linux |
| Vendor Products | Box |
Fixed issues
Version 1.0.2 of the Splunk Add-on for Box fixes the following issues.
| Date resolved | Issue number | Description |
|---|---|---|
| 07/08/15 | ADDON-4491 | Change default event historical event collection to 300 days to help prevent accidental error states and expose configuration option for this in the setup UI. |
| 07/07/15 | ADDON-3870 | Improve behavior for already-configured passwords upon configuration change. |
| 07/06/15 | ADDON-4188 | Add-on sets timestamp of historical enterprise events to the data collection time instead of the created_at time. |
| 07/06/15 | ADDON-3928 | Missing CIM-compliant action value for Authentication data model. |
| 07/06/15 | ADDON-4459 | Failed to get Enterprise events when there are more than 500 events in 20 seconds. |
| 07/06/15 | ADDON-4460 | Proxy support needed in add-on conf file. |
Known issues
Version 1.0.2 of the Splunk Add-on for Box has the following known issues.
| Date filed | Issue number | Description |
|---|---|---|
| 2016-01-30 | ADDON-7646 | FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual. |
| 2016-01-13 | ADDON-5325 | requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
|
| 2015/12/14 | ADDON-6984 | Default event collection frequency should be 120 seconds to avoid Box API rate limiting errors. |
| 07/13/15 | SPL-104020 | Timezone of the timestamp in enterprise events is ignored, causing discrepancy for events that do not originate in the same timezone as the machine responsible for data collection. |
| 07/10/15 | ADDON-4508 | If you update the setup page and enter a start date in the wrong format, the updates are not applied. Workaround: Enter a valid start date for Enterprise event collection to avoid reverting to the default start date (300 days ago). You can search for errors related to this by searching for eventtype=box_setup_error.
|
| 07/10/15 | ADDON-4508 | Updates to proxy usernames or passwords fail if both values are not updated together. Workaround: If you configure a proxy with a username and password, then later want to delete it, you must delete both the username and password values so they are both empty, then save. If you want to make changes, specify both the username and password values. |
| 04/21/15 | ADDON-3814 | Clien
t secret is obfuscated, making troubleshooting more difficult. |
Third-party software attributions
Version 1.0.2 of the Splunk Add-on for Box incorporates the Httplib2 Python library.
Version 1.0.1
Version 1.0.1 of the Splunk Add-on for Box has the same compatibility specifications as version 1.0.2.
Migration notes
In order to fix an issue with gathering events from the Box API, the 1.0.1 release adjusted the behavior of the event input. No specific migration activity is required as a result of these changes.
The event input now collects only one year's worth of historical events when you enable the event for the first time, instead of all events. This does not affect users upgrading from version 1.0.0. However, you can now set the date from which event data should be corrected using the configuration file. See the input configuration instructions for details.
Also, in version 1.0.1, the event input collects data in intervals of 30 seconds by default. This is a change from the previous setting of 20 seconds. Any existing event inputs set to the default interval are automatically adjusted to 30 seconds in this release. You can edit the interval at any time.
Fixed issues
Version 1.0.1 of the Splunk Add-on for Box fixed the following issue.
| Date | Issue number | Description |
| 05/04/15 | ADDON-3870 | Event gathering fails on Box API. |
Known issues
Version 1.0.1 of the Splunk Add-on for Box had the following known issues.
| Date | Issue number | Description |
| 07/06/15 | ADDON-4459 | Failed to get Enterprise events when there are more than 500 events in 20 seconds. |
| 07/06/15 | ADDON-4460 | Proxy support needed in add-on conf file. |
| 06/08/15 | ADDON-4188 | Add-on sets timestamp of historical enterprise events to the data collection time instead of the created_at time. To search for historical data, search using the created_at field, possibly including a timezone offset conversion, for historical data. |
| 05/05/15 | ADDON-3928 | Missing CIM-compliant action value for Authentication data model. |
| 04/21/15 | ADDON-3814 | Client secret is obfuscated, making troubleshooting more difficult. |
Third-party software attributions
Version 1.0.1 of the Splunk Add-on for Box incorporates the Httplib2 Python library.
Version 1.0.0
Version 1.0.0 of the Splunk Add-on for Box has the same compatibility specifications as Version 1.0.1.
New features
Version 1.0.0 of the Splunk Add-on for Box had the following new features.
| Date | Issue number | Description |
| 03/23/15 | ADDON-1389 | New Splunk-supported add-on with inputs for enterprise events, file and folder metadata, collaboration information, and user and user group data, CIM mapping, and prebuilt panels. |
Known issues
Version 1.0.0 of the Splunk Add-on for Box had the following known issues.
| Date | Issue number | Description |
| 05/05/15 | ADDON-3928 | Missing CIM-compliant action value for Authentication data model. |
| 04/22/15 | ADDON-3870 | Event gathering fails on Box API. |
| 04/21/15 | ADDON-3814 | Client secret is obfuscated, making troubleshooting more difficult. |
Third-party software attributions
Version 1.0.0 of the Splunk Add-on for Box incorporates the Httplib2 Python library.
| Release notes for the Splunk Add-on for Box | Installation and configuration overview for the Splunk Add-on for Box |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Download manual
Feedback submitted, thanks!