Splunk® Supported Add-ons

Splunk Add-on for Box

Release history for the Splunk Add-on for Box

The latest version of the Splunk Add-on for Box is version 3.11.0. See Release notes for the Splunk Add-on for Box for the release notes of this latest version.

Version 3.10.1 of the Splunk Add-on for Box was released on December 22, 2023.

Compatibility

Version 3.10.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 9.0.x, 9.1.x
CIM 5.0.1
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

Version 3.10.1 of the Splunk Add-on for Box contains the following new features:

Fixed the security vulnerabilities found in the certifi and urllib3 libraries by upgrading their version from 2022.12.7 to 2023.11.17, 1.26.6 to 1.26.18 respectively.

Fixed issues

Version 3.10.1 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:


Known issues

Version 3.10.1 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2023-04-04 ADDON-61684 Box Historic Inputs are reinvoked early regardless of Interval value due to access token expiration

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.

Version 3.10.0

Version 3.10.0 of the Splunk Add-on for Box was released on December 22, 2023.

Compatibility

Version 3.10.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.0.1
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

Version 3.10.0 of the Splunk Add-on for Box contains the following new features:

  • Added support for Box SDK v3.7.2

Fixed issues

Version 3.10.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:


Date resolved Issue number Description
2023-06-27 ADDON-62546 OAuth account creation leads to 403 error when the redirect URI contains an IP address

Known issues

Version 3.10.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2023-04-04 ADDON-61684 Box Historic Inputs are reinvoked early regardless of Interval value due to access token expiration
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.

Version 3.9.0

Version 3.9.0 of the Splunk Add-on for Box was released on October 27, 2022.

Compatibility

Version 3.9.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.0.1
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

Version 3.9.0 of the Splunk Add-on for Box contains the following new features:

  • Added support for Box SDK v3.5.1
  • Modified timestamp field extraction to be extracted from "modified_at"
  • These sourcetypes will be affected due to this change:
    • box:users
    • box:folder
    • box:folderCollabration
    • box:file
    • box:fileComment
  • Minor Bug fixes and enhancements

This change regarding timestamp field extraction won't apply to already indexed events


Fixed issues

Version 3.9.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:

Known issues

Version 3.9.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2023-05-26 ADDON-62546 OAuth account creation leads to 403 error when the redirect URI contains an IP address
2023-04-04 ADDON-61684 Box Historic Inputs are reinvoked early regardless of Interval value due to access token expiration
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.

Version 3.8.0

Version 3.8.0 of the Splunk Add-on for Box was released on October 27, 2022.

Compatibility

Version 3.8.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1.x, 8.2.x, 9.0.x
CIM 5.0.1
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

Version 3.8.0 of the Splunk Add-on for Box contains the following new features:

  • Uses KV-store for checkpointing instead of files for better reliability and performance.

Confirm that you enabled the KV Store service on your Splunk instance. Refer to Troubleshooting to check the status of your KV Store service.

For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.

Fixed issues

Version 3.8.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:


Known issues

Version 3.8.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.


Version 3.7.0

Compatibility

Version 3.7.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1.x, 8.2.x
CIM 5.0.1
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

Version 3.7.0 of the Splunk Add-on for Box contains the following new features:

  • Added support for Box SDK v3.3.0.


For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.


Fixed issues

Version 3.7.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:


Known issues

Version 3.7.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2022-10-11 ADDON-56521 Data collection is starting from the configured date as checkpoint is getting reset hence data duplication is observed
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a Document file for download:
Splunk Add-on for Box third-party software credits.



Version 3.6.0

Version 3.6.0 of the Splunk Add-on for Box was released on April 21, 2022.

Compatibility

Version 3.6.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1.x, 8.2.x
CIM 5.0.1
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

Version 3.6.0 of the Splunk Add-on for Box contains the following new features:

  • Compatibility with CIM version 5.0.1
  • Updated to version 3.2.0 of the Box SDK.
  • SSL Certificate Management Solution.
  • Added Support for Box Shield Events.
    • CIM Mapping and Enhancements for events associated with the SHIELD_ALERT Box Event_type, which maps to these 4 Source Types for Threat Detection Alerts:
      • Suspicious locations
      • Suspicious sessions
      • Anomalous downloads
      • Malicious content
  • Mapped the following Box Event_types with the box:events source type to the Account_Management data model.
    • EMAIL_ALIAS_REMOVE
    • EMAIL_ALIAS_ADD_UNCONFIRMED
    • EMAIL_ALIAS_CONFIRM
  • Mapped the following Box Event_type with the box:events source type to the All_Changes data model.
    • UPDATE_SHARE_EXPIRATION

For the Splunk Add-on for Box version 3.6.0 and higher, we no longer support the SOCKS4 proxy. Splunk best practice is to use an HTTP or SOCKS5 proxy instead.

Data Model Changes

Version 3.6.0 of the Splunk Add-on for Box introduces data model changes for the box:events source type. See the following table for the data model changes:

Source type Box Event_type Previous Data Model New Data Model
['box:events'] EMAIL_ALIAS_REMOVE, EMAIL_ALIAS_ADD_UNCONFIRMED, EMAIL_ALIAS_CONFIRM Change:Account_Management
['box:events'] UPDATE_SHARE_EXPIRATION Change:All_Changes
['box:events'] SHIELD_ALERT Alerts:Alerts Malware:Malware_Attacks

For the SHIELD_ALERT Box Event_type, Malicious Content Events are mapped to the Malware:Malware_Attacks Data Model and remaining events are mapped to the Alerts Data Model.

Field Mapping Changes

Version 3.6.0 of the Splunk Add-on for Box introduces field changes to the box:events source type.

This table includes the events for the updated datasets (within the same data model) but does not include events for those updated data models.

Field mapping changes for the box:events source type

Source type Box Event_type Fields added Fields removed Fields modified
['box:events'] EMAIL_ALIAS_REMOVE src_user, src_user_name object_attrs
['box:events'] UPDATE_SHARE_EXPIRATION object_attrs
['box:events'] EMAIL_ALIAS_ADD_UNCONFIRMED action, status, src_user, src_user_name object_attrs
['box:events'] EMAIL_ALIAS_CONFIRM src_user, src_user_name object_attrs
['box:events'] SHIELD_ALERT file_hash, file_name src

Sample values for modified source types

The following tables display the field changes for the box:events source type.


box:events source type field changes

Box Event_type Field modified Sample Value for Modified fields in 3.5.0 Sample Value for Modified fields in 3.6.0
UPDATE_SHARE_EXPIRATION object_attrs
directory
expiration
EMAIL_ALIAS_REMOVE, EMAIL_ALIAS_CONFIRM, EMAIL_ALIAS_ADD_UNCONFIRMED object_attrs
user
email alias
SHIELD_ALERT src
Unknown IP
117.99.61.179

Fixed issues

Version 3.6.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:


Known issues

Version 3.6.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2022-10-11 ADDON-56521 Data collection is starting from the configured date as checkpoint is getting reset hence data duplication is observed
2022-05-16 ADDON-51742 The issue is with the field "account_id" where the user is getting "NONE" as output in events repetitively.
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.


Version 3.5.0

Version 3.5.0 of the Splunk Add-on for Box was released on February 2, 2022.

Compatibility

Version 3.5.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1.x, 8.2.x
CIM 5.0.0
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New Features

Version 3.5.0 of the Splunk Add-on for Box contains the following new features:

  • Updated to the Box SDK version 2.14.0.
  • Introduced a new Input which supports Box Enterprise Event Stream API.
  • Compatibility with CIM version 5.0.0.
  • Fixed below issues:
    • The "Interval" field was not updated to default value when the endpoint was changed while configuring input.
    • Future dates were accepted in the "Collect since timestamp" field while configuring the input.
    • If no value was selected in the "Collect since timestamp" field, the default date of 90 days was not reflected in the UI while editing the input.
    • Minor Bug Fixes and UI enhancements.

This release introduces changes on the Inputs page, where a new input has been added and existing input has been renamed.

For more information about these changes and configuration guide, refer to the Configure inputs for the Splunk Add-on for Box page.

Fixed issues

Version 3.5.0 of the Splunk Add-on for Box fixes the following fixed issues. If none appear, none have been reported:


Known issues

Version 3.5.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2022-05-16 ADDON-51742 The issue is with the field "account_id" where the user is getting "NONE" as output in events repetitively.
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.


Version 3.4.1

Version 3.4.1 of the Splunk Add-on for Box was released on November 16, 2021.

Compatibility

Version 3.4.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1.x, 8.2.x
CIM 4.20.2
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

Fixed issues

Version 3.4.1 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2021-11-09 ADDON-42982 Data collection is not working using proxy

Known issues

Version 3.4.1 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.


Version 3.4.0

Version 3.4.0 of the Splunk Add-on for Box was released on October 15, 2021.

Compatibility

Version 3.4.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.20.2
Platforms Linux and Windows
Vendor Products Box

The new field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 3.4.0 of the Splunk Add-on for Box contains the following new features:

  • Enhanced CIM mappings and added support for the latest CIM version v4.20.2.
  • Added support for the newly introduced DataAccess data model.
    • Updated data model and CIM mappings for 31 event_types of box:events sourcetype to DataAccess data model.
    • Updated action and object_attrs field values for box:events source type to CIM compliant values.
  • Changed mappings for user src_user and object (when object is a user) CIM fields to the unique login IDs.
  • Updated user & description CIM fields for the box:users source type.
  • Removed the CIM tags from the ACCESS_GRANTED and ACCESS_REVOKED eventsfor box:events source type.

For more detailed CIM fields mapping changes see the tables below.

The extractions for CIM fields user, src_user and object (when object is a user), have been updated to unique login IDs instead of the First and Last names as a part of this release which could be a breaking change for the content using these fields in the existing add-on version.

Data Model Changes

Version 3.4.0 of the Splunk Add-on for Box introduces data model changes for the box:events sourcetype. See the following table for information in data model changes:

Source-type Event_type Previous Data Model New Data Model
['box:events'] ACCESS_GRANTED, ACCESS_REVOKED Change:All No Data Model
['box:events'] APPLICATION_CREATED, OAUTH2_ACCESS_TOKEN_REVOKE Change:All Change:AccountManagement
['box:events'] COPY, DELETE, DOWNLOAD, EDIT, ITEM_OPEN, ITEM_MODIFY, LOCK, UNLOCK, MOVE, PREVIEW, RENAME, UNSHARE, SHARE, STORAGE_EXPIRATION, TASK_ASSIGNMENT_CREATE, TASK_CREATE, TASK_ASSIGNMENT_UPDATE, UNDELETE, UPLOAD, WATERMARK_LABEL_CREATE, WATERMARK_LABEL_DELETE Change:All Data Access
['box:events'] GROUP_CREATION, GROUP_EDITED, GROUP_DELETION, REMOVE_LOGIN_ACTIVITY_DEVICE Change:AccountManagement Change:All

Field Mapping Changes

Version 3.4.0 of the Splunk Add-on for Box introduces field changes to the box:events, box:file and box:users sourcetypes.

This table includes the events for which the datasets changed (within the same data model) but does not include events for which the data models were changed. For example, Change DM and is All_Changes data set is now Change DM with the data set Account_Management. See https://docs.splunk.com/Documentation/CIM/4.20.0/User/Change for more information.

Sourcetype - box:events field mapping changes

Source-type event_type Fields added Fields removed
['box:events'] ADD_LOGIN_ACTIVITY_DEVICE vendor_type, application_id, user_id, user_name src_user
['box:events'] ADMIN_LOGIN user_name, user_id, signature, application_id, signature_id, user_role, vendor_type src_user
['box:events'] ADVANCED_FOLDER_SETTINGS_UPDATE parent_object_id, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, owner src_user
['box:events'] ANNOTATIONV2_CREATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, action, application_id, parent_object, vendor_type, object_size src_user
['box:events'] APPLICATION_CREATED src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] CHANGE_ADMIN_ROLE src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] COLLABORATION_ACCEPT parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type src_user
['box:events'] COLLABORATION_EXPIRATION src_user
['box:events'] COLLABORATION_INVITE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type src_user
['box:events'] COLLABORATION_REMOVE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type src_user
['box:events'] COLLABORATION_ROLE_CHANGE parent_object_id, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, owner src_user
['box:events'] COMMENT_CREATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] COMMENT_DELETE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] COMMENT_EDIT parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] CONTENT_ACCESS parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, action, application_id, parent_object, vendor_type, object_size src_user
['box:events'] CONTENT_WORKFLOW_POLICY_ADD user_name, object_category, user_id, object, object_id, application_id, vendor_type src_user
['box:events'] CONTENT_WORKFLOW_POLICY_RETIRE status, user_name, object_category, user_id, object, object_id, application_id, action, vendor_type src_user
['box:events'] DELETE_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] EDIT_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] FAILED_LOGIN user_name, signature, application_id, signature_id, vendor_type
['box:events'] GROUP_ADD_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] GROUP_ADMIN_CREATED src_user_name, user_name, user_id, application_id, vendor_type, user_type
['box:events'] GROUP_CREATION vendor_type, application_id, user_id, user_name src_user
['box:events'] GROUP_EDITED, GROUP_DELETION vendor_type, application_id, user_id, user_name src_user
['box:events'] GROUP_REMOVE_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] LOGIN user_name, signature, application_id, signature_id, vendor_type
['box:events'] METADATA_INSTANCE_CREATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] METADATA_INSTANCE_DELETE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] METADATA_INSTANCE_UPDATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] METADATA_TEMPLATE_CREATE user_name, object_category, user_id, object, object_id, application_id, vendor_type src_user
['box:events'] METADATA_TEMPLATE_UPDATE user_name, object_category, user_id, object, object_id, application_id, vendor_type src_user
['box:events'] NEW_USER src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] OAUTH2_ACCESS_TOKEN_REVOKE src_user_name, user_name, user_id, application_id, vendor_type
['box:events'] REMOVE_LOGIN_ACTIVITY_DEVICE vendor_type, application_id, user_id, user_name src_user
['box:events'] RETENTION_POLICY_ASSIGNMENT_ADD parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type src_user
['box:events'] SHARED_LINK_REDIRECT_OUT_OF_SHARED_CONTEXT parent_object_id, owner, owner_email, user_name, id, description, user_id, owner_id, parent_object_category, severity, signature_id, application_id, parent_object, vendor_type, object_size src_user
['box:events'] SHARE_EXPIRATION parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] SHIELD_ALERT user_name, id, description, user_id, signature, severity_id, severity, signature_id, application_id, vendor_type src_user
['box:events'] TASK_UPDATE parent_object_id, owner, owner_email, user_name, user_id, owner_id, parent_object_category, application_id, parent_object, vendor_type, object_size src_user
['box:events'] WORKFLOW_AUTOMATION_CREATE user_name, user_id, application_id, action, vendor_type, status src_user, object_id
['box:events'] WORKFLOW_AUTOMATION_UPDATE user_name, user_id, application_id, action, vendor_type, status src_user, object_id


Sourcetype - box:users field mapping changes

Source-type sourcetype Fields added Fields removed
['box:users'] box:users user_role

Sourcetype - box:file field mapping changes

Source-type sourcetype Fields added Fields removed
['box:file'] box:file vendor_description

Fixed issues

Version 3.4.0 of the Splunk Add-on for Box fixes the following issues:


Known issues

Version 3.4.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2021-10-04 ADDON-42982 Data collection is not working using proxy
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.

Version 3.3.2

Version 3.3.2 of the Splunk Add-on for Box was released on July 23, 2021.

Compatibility

Version 3.3.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.0.x, 8.1.x, 8.2.x
CIM 4.18.1
Platforms Linux and Windows
Vendor Products Box

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 3.3.2 of the Splunk Add-on for Box contains the following new features:

  • Fast and intuitive UI with an improved look and feel.
  • Fixed critical security issue by removing jquery2.
  • Removed python2 support. Splunk only supports python3 and 8.x or above for future releases.
  • Updated to the Box SDK version 2.12.0
  • Compatibility with CIM version 4.18.1 and enhanced mappings:
    • Mapped box:fileComment, box:fileTask, box:folderCollaboration & box:groups source types to Inventory DM.
    • Updated dest field value from cloud to box.com which is more meaningful.
    • Removed user_category field from the box:events source type.
    • Removed enabled & serial fields from the box:folder source type.
    • Removed serial field from the box:folderCollaboration source type.
    • Removed serial & user_category field from the box:users source type.
  • Fixed issue where the data collection for all enabled inputs was triggered hourly instead of according to the provided Collection Interval.
  • Fixed issue where data was collected for all the file, tasks, comments and folders instead of selected checkboxes for the Folders endpoint.
  • Enhanced UI validations.
  • Minor bug fixes.

Fixed issues

Version 3.3.2 of the Splunk Add-on for Box fixes the following issues:


Known issues

Version 3.3.2 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2021-10-04 ADDON-42982 Data collection is not working using proxy
2021-06-14 ADDON-38127 Delay in data collection observed when interval is greater than the frequency of the refreshing access token (default is 1 hr from box side)
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Box third-party software credits.


Version 3.2.0

Version 3.2.0 of the Splunk Add-on for Box was released on August 10, 2020.

Compatibility

Version 3.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.2.x, 7.3.x, 8.0.x, 8.1.x, 8.2.x
CIM 4.15
Platforms Linux and Windows
Vendor Products Box

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 3.2.0 of the Splunk Add-on for Box contains the following new features:

  • Enhanced ability to add offsets while scanning events to recover delayed events written by Box.

Fixed issues

Version 3.2.0 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2020-07-07 ADDON-27168 Box TA appears to be cross ingesting data between multiple clientid's

Known issues

Version 3.2.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2020-08-05 ADDON-28286 Checkbox to collect tasks and comments is not working for Folders Endpoint
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page


Third-party software attributions

Version 3.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:

Version 3.1.0

Version 3.1.0 of the Splunk Add-on for Box was released on June 15, 2020.

Compatibility

Version 3.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM 4.14
Platforms Linux and Windows
Vendor Products Box

New features

Version 3.1.0 of the Splunk Add-on for Box contains the following new features:

  • Enhanced compatibility with version 4.14 of the Common Information Model (CIM).
  • Enhanced security features.

Fixed issues

Version 3.1.0 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2020-05-21 ADDON-26464 The Box API endpoint doesn't collect data with configured interval for users and groups
2020-05-19 ADDON-24900 Every time splunk is restarted, box add-on requires re-entering of credentials
2020-05-07 ADDON-26426 Unable to collect data using socks5 proxy

Known issues

Version 3.1.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2020-08-05 ADDON-28286 Checkbox to collect tasks and comments is not working for Folders Endpoint
2020-06-16 ADDON-27168 Box TA appears to be cross ingesting data between multiple clientid's
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page


Third-party software attributions

Version 3.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:


Version 3.0.1

Version 3.0.1 of the Splunk Add-on for Box was released on March 10, 2020.

Compatibility

Version 3.0.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0
CIM 4.14
Platforms Linux and Windows
Vendor Products Box

New features

Version 3.0.1 of the Splunk Add-on for Box contains the following new features:

  • Default support for Python3

Fixed issues

Version 3.0.1 of the Splunk Add-on for Box fixes the following issues:

Known issues

Version 3.0.1 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2020-06-16 ADDON-27168 Box TA appears to be cross ingesting data between multiple clientid's
2020-05-26 ADDON-26828 Addons unable to load UI or collect data on Splunk 8.0.4, 8.0.2004 and Splunk 8.0.5

Workaround:
As a manual workaround, the "import html" statement on Line 16 of splunk/lib/python3.7/site-packages/splunk/util.py file could be commented out, which does not require Splunk restart to take affect.
2020-05-07 ADDON-26464 The Box API endpoint doesn't collect data with configured interval for users and groups
2020-05-05 ADDON-26426 Unable to collect data using socks5 proxy
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page


Third-party software attributions

Version 3.0.1 of the Splunk Add-on for Box incorporates the following third-party software or libraries:


Version 3.0.0

Version 3.0.0 of the Splunk Add-on for Box was released on December 17, 2019.

Compatibility

Version 3.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0
CIM 4.14
Platforms Linux and Windows
Vendor Products Box

New features

Version 3.0.0 of the Splunk Add-on for Box contains the following new features:

  • Support for Python3

Fixed issues

Version 3.0.0 of the Splunk Add-on for Box fixes the following issues:


Known issues

Version 3.0.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2020-05-26 ADDON-26828 Addons unable to load UI or collect data on Splunk 8.0.4, 8.0.2004 and Splunk 8.0.5

Workaround:
As a manual workaround, the "import html" statement on Line 16 of splunk/lib/python3.7/site-packages/splunk/util.py file could be commented out, which does not require Splunk restart to take affect.
2020-02-04 ADDON-25183, ADDON-25885 Addons UI is not compatible with Splunk 7.3.3 and Splunk 7.3.4

Workaround:
Customer can switch to any other Splunk version compatible with all their apps and add-ons.
2020-01-21 ADDON-24900 Every time splunk is restarted, box add-on requires re-entering of credentials
2019-11-07 ADDON-24294 Getting ERROR exception logs in splunkd.log for Inputs Page


Third-party software attributions

Version 3.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:

Version 2.1.0

Version 2.1.0 of the Splunk Add-on for Box was released on August 19, 2019.

Compatibility

Version 2.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM 4.13
Platforms Linux and Windows
Vendor Products Box

New features

Version 2.1.0 of the Splunk Add-on for Box contains the following new features:

  • Support for a configurable disable_ssl_certificate_validation parameter.
  • Ability to identify whether Box files are publicly or privately shared.
  • Ability to enable viewing of the entire parent structure of an asset.

Fixed issues

Version 2.1.0 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2019-06-27 ADDON-20371, ADDON-20370, ADDON-20372 Box Add-on uses packaging toolkit v1.0.0 instead of v0.8.0
2019-06-27 ADDON-21544 Default value of "Redirect URL" field in "Add Box Account" dialog
2019-02-12 ADDON-20572 HTTP 400 Bad request: "created_after is invalid since it is in the future" Date on the server is correct.

Known issues

Version 2.1.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported.



Third-party software attributions

Version 2.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:

Version 2.0.0

Version 2.0.0 of the Splunk Add-on for Box was released on October 15, 2018.

The Splunk Add-on for Box version 2.0.0 introduces breaking changes. If you are upgrading from an earlier version of the Splunk Add-on for Box, you must follow the steps outlined in Upgrade the Splunk Add-on for Box to prevent data loss.

Compatibility

Version 2.0.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.11
Platforms Linux and Windows
Vendor Products Box

New features

Version 2.0.0 of the Splunk Add-on for Box contains the following new features:

  • Improved alert messaging
  • Support for multiple accounts
    • To distinguish between data collected from different Box accounts, the source field contains the Box URL next to the data input name.

Fixed issues

Version 2.0.0 of the Splunk Add-on for Box fixes the following issues:


Date resolved Issue number Description
2018-09-06 ADDON-14136 Proxy info is not updating
2018-09-06 ADDON-14135 When configured through .conf files, proxy secret does not get encrypted until data input is enabled
2018-09-06 ADDON-14082 Unable to grant access on Windows
2018-08-31 ADDON-19190 box.conf.spec is missing from README folder

Known issues

Version 2.0.0 of the Splunk Add-on for Box has the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2019-03-21 ADDON-21544 Default value of "Redirect URL" field in "Add Box Account" dialog
2018-12-11 ADDON-20572 HTTP 400 Bad request: "created_after is invalid since it is in the future" Date on the server is correct.
2018-11-26 ADDON-20371, ADDON-20370, ADDON-20372 Box Add-on uses packaging toolkit v1.0.0 instead of v0.8.0

Error: created_after is invalid since it is in the future

Version 2.0.0 of the Splunk Add-on for Box has a known issue with the created_after field. It switches this value after initial data ingestion. Complete the following steps to resolve this issue:

  1. From the UI of the Splunk Add-on for Box, disable your input.
  2. Delete the checkpoint file from $SPLUNK_HOME/var/lib/splunk/modinputs/box_service/.
  3. Update line 271 of $SPLUNK_HOME/etc/apps/Splunk_TA_box/bin/box_data_loader.py. It reads before = datetime.strftime(before, self.time_fmt). Replace this line with before = datetime.strftime(min(before, datetime.utcnow()), self.time_fmt).
  4. (Optional) Update your collect_since value to avoid data duplication.
  5. Enable your input again.

Third-party software attributions

Version 2.0.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries:

Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

About this release

Splunk platform versions 6.5.x, 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM 4.11
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

New features

Version 1.2.0 of the Splunk Add-on for Box contains the following new features:

  • Support for SSL intercept mode in proxy.

Fixed issues

Version 1.2.0 of the Splunk Add-on for Box fixes the following issues.


Date resolved Issue number Description
2018-02-05 ADDON-15564 source_item_name field not extracted correctly
2018-01-31 ADDON-16795 Added log messages in ta_box.log for files that are not supported for previews

Known issues

Version 1.2.0 of the Splunk Add-on for Box has the following known issues.

If no issues appear below, no issues have yet been reported.


Date filed Issue number Description
2018-08-26 ADDON-19190 box.conf.spec is missing from README folder
2017-03-15 ADDON-14135 When configured through .conf files, proxy secret does not get encrypted until data input is enabled

Workaround:
Configure proxy through the setup page
2017-03-15 ADDON-14136 Proxy info is not updating

Workaround:
From the Box Grant page, wait several seconds before clicking "Grant access to Box".
2017-03-12 ADDON-14082 Unable to grant access on Windows

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.

Version 1.1.1

Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

About this release

Version 1.1.1 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.4.x and later
CIM 4.1 and later
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.3.x and later
CIM 4.1 and later
Platforms Linux
Vendor Products Box

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

New features

Version 1.1.0 of the Splunk Add-on for Box fixes the following new features.

Date Issue number Description
2016/06/13 ADDON-6817 After you install the Splunk Add-on for Box on the search head, the Splunk platform no longer prompts you to perform any add-on setup, which is not required on the search head.
2016/06/09 ADDON-8414 New pre-built panel for troubleshooting API errors.
2016-06-02 ADDON-6087 The Splunk Add-on for Box now uses Box SDK for authentication, token refreshing, and auto retry on error.
2016-06-02 ADDON-9769 Adjusted the order of the Box File API calls.
2016-06-02 ADDON-8415 Prevented unnecessary Box API calls when a file does not exist.
2016-05-25 ADDON-9464 Support for Box Verified Enterprise (BVE).

Fixed issues

Version 1.1.0 of the Splunk Add-on for Box fixes the following issues.

Date resolved Issue number Description
2016-06-23 ADDON-4508 If you update the setup page and enter a start date in the wrong

format, the updates are not applied.

2016-05-25 ADDON-8987 Timestamps not extracted correctly.
2016-02-02 ADDON-7268 Unexpected error message: Failed to get box.conf.

Known issues

Version 1.1.0 of the Splunk Add-on for Box has the following known issues.

Date filed Issue number Description
2016-10-20 ADDON-11148 The Splunk Add-on for Box does not index private files and folders not owned by the admin.
2016-06-21 ADDON-10293 requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
2016-06-16 ADDON-10231 Folders with only group member assigned as Collaborator are not indexed.

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Box incorporates the following third-party software or libraries.

Version 1.0.2

Version 1.0.2 of the Splunk Add-on for Box is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 6.1.x and above
CIM 4.1 and above
Platforms Linux
Vendor Products Box

Fixed issues

Version 1.0.2 of the Splunk Add-on for Box fixes the following issues.

Date resolved Issue number Description
07/08/15 ADDON-4491 Change default event historical event collection to 300 days to help prevent accidental error states and expose configuration option for this in the setup UI.
07/07/15 ADDON-3870 Improve behavior for already-configured passwords upon configuration change.
07/06/15 ADDON-4188 Add-on sets timestamp of historical enterprise events to the data collection time instead of the created_at time.
07/06/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
07/06/15 ADDON-4459 Failed to get Enterprise events when there are more than 500 events in 20 seconds.
07/06/15 ADDON-4460 Proxy support needed in add-on conf file.

Known issues

Version 1.0.2 of the Splunk Add-on for Box has the following known issues.

Date filed Issue number Description
2016-01-30 ADDON-7646 FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual.
2016-01-13 ADDON-5325 requireClientCert=true in server.conf is not supported by add-ons using modular inputs and REST. If this setting is enabled in server.conf, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the splunkd.log: "SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate." The workaround is to set requireClientCert=false.
2015/12/14 ADDON-6984 Default event collection frequency should be 120 seconds to avoid Box API rate limiting errors.
07/13/15 SPL-104020 Timezone of the timestamp in enterprise events is ignored, causing discrepancy for events that do not originate in the same timezone as the machine responsible for data collection.
07/10/15 ADDON-4508 If you update the setup page and enter a start date in the wrong format, the updates are not applied. Workaround: Enter a valid start date for Enterprise event collection to avoid reverting to the default start date (300 days ago). You can search for errors related to this by searching for eventtype=box_setup_error.
07/10/15 ADDON-4508 Updates to proxy usernames or passwords fail if both values are not updated together. Workaround: If you configure a proxy with a username and password, then later want to delete it, you must delete both the username and password values so they are both empty, then save. If you want to make changes, specify both the username and password values.
04/21/15 ADDON-3814 Clien

t secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.2 of the Splunk Add-on for Box incorporates the Httplib2 Python library.

Version 1.0.1

Version 1.0.1 of the Splunk Add-on for Box has the same compatibility specifications as version 1.0.2.

Migration notes

In order to fix an issue with gathering events from the Box API, the 1.0.1 release adjusted the behavior of the event input. No specific migration activity is required as a result of these changes.

The event input now collects only one year's worth of historical events when you enable the event for the first time, instead of all events. This does not affect users upgrading from version 1.0.0. However, you can now set the date from which event data should be corrected using the configuration file. See the input configuration instructions for details.

Also, in version 1.0.1, the event input collects data in intervals of 30 seconds by default. This is a change from the previous setting of 20 seconds. Any existing event inputs set to the default interval are automatically adjusted to 30 seconds in this release. You can edit the interval at any time.

Fixed issues

Version 1.0.1 of the Splunk Add-on for Box fixed the following issue.

Date Issue number Description
05/04/15 ADDON-3870 Event gathering fails on Box API.

Known issues

Version 1.0.1 of the Splunk Add-on for Box had the following known issues.

Date Issue number Description
07/06/15 ADDON-4459 Failed to get Enterprise events when there are more than 500 events in 20 seconds.
07/06/15 ADDON-4460 Proxy support needed in add-on conf file.
06/08/15 ADDON-4188 Add-on sets timestamp of historical enterprise events to the data collection time instead of the created_at time. To search for historical data, search using the created_at field, possibly including a timezone offset conversion, for historical data.
05/05/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
04/21/15 ADDON-3814 Client secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.1 of the Splunk Add-on for Box incorporates the Httplib2 Python library.


Version 1.0.0

Version 1.0.0 of the Splunk Add-on for Box has the same compatibility specifications as Version 1.0.1.

New features

Version 1.0.0 of the Splunk Add-on for Box had the following new features.

Date Issue number Description
03/23/15 ADDON-1389 New Splunk-supported add-on with inputs for enterprise events, file and folder metadata, collaboration information, and user and user group data, CIM mapping, and prebuilt panels.

Known issues

Version 1.0.0 of the Splunk Add-on for Box had the following known issues.

Date Issue number Description
05/05/15 ADDON-3928 Missing CIM-compliant action value for Authentication data model.
04/22/15 ADDON-3870 Event gathering fails on Box API.
04/21/15 ADDON-3814 Client secret is obfuscated, making troubleshooting more difficult.

Third-party software attributions

Version 1.0.0 of the Splunk Add-on for Box incorporates the Httplib2 Python library.

Last modified on 22 July, 2024
Release notes for the Splunk Add-on for Box   Installation and configuration overview for the Splunk Add-on for Box

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters