Introduction
The tags beginning with cloud.box
identify events generated by Box.
Valid tags and data tables
The full tag must have 4 levels. The first two are fixed ascloud.box
. The third level identifies the type of events sent, and the fourth level indicates the event subtype.
...
...
Brand
...
Type
...
Subtype
...
cloud
...
box
...
...
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data tableProduct / Service | Tags | Data tables |
---|
Box cloud content management | cloud.box.collaborations
| cloud.box.collaborations
|
cloud.box.events
| cloud.box.events
|
.json |
cloud.box.files
| cloud.box.files
|
cloud.box.folders
| cloud.box.folders
|
cloud.box.groups
| cloud.box.groups
|
cloud.box.users
| cloud.box.
|
eventsHow is the data sent to Devo?
Logs generated by Box are forwarded to Devo using a dedicated collector. Contact us if you need to forward these events to your Devo domain so we can guide you through the process.
Table structure
These are the fields displayed in these tables:
Rw ui tabs macro |
---|
cloud.box.collaborationsField | Type | Source field name | Extra fields |
---|
eventdate | timestamp
| | | id | str
| | | created_at | str
| | | modified_at | str
| | | expires_at | str
| | | acknowledged_at | str
| | | role | str
| | | status | str
| | | item_name | str
| | | item_etag | str
| | | item_id | str
| | | item_type | str
| | | item_sequence_id | str
| | | accessible_by_name | str
| | | accessible_by_id | str
| | | accessible_by_type | str
| | | accessible_by_login | str
| | | created_by_name | str
| | | created_by_id | str
| | | created_by_type | str
| | | created_by_login | str
| | | message | str
| rawSource | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| rawSource | ✓ |
cloud.box.eventsField | Type | Field transformation | Source field name | Extra fields |
---|
eventdate | timestamp
| | | | event_type | str
| | | | event_id | str
| | | | timestamp | timestamp
| Code Block |
---|
parsedate(replace(created_at, "T", " "), "YYYY-MM-DD HH:mm:ssZZ") |
| created_at | | ip_address | ip4
| | | | session_id | str
| | | | created_by_login | str
| | | | created_by_type | str
| | | | created_by_id | str
| | | | created_by_name | str
| | | | accessible_by_login | str
| | | | accessible_by_type | str
| | | | accessible_by_id | str
| | | | accessible_by_name | str
| | | | source_type | str
| | | | source_id | str
| | | | source_name | str
| | | | source_login | str
| | | | source_item_id | str
| | | | source_item_type | str
| | | | source_item_name | str
| | | | source_parent_type | str
| | | | source_parent_name | str
| | | | source_parent_id | str
| | | | source_owned_by_login | str
| | | | source_owned_by_type | str
| | | | source_owned_by_id | str
| | | | source_owned_by_name | str
| | | | source_user_name | str
| | | | source_user_id | str
| | | | source_folder_name | str
| | | | source_folder_id | str
| | | | additional_details_service_id | str
| | | | additional_details_version_id | str
| | | | additional_details_service_name | str
| | | | additional_details_size | int8
| | | | additional_details_file_path | str
| | | | additional_details_file_hash | str
| | | | additional_details_hash_type | str
| | | | additional_details_shared_link_id | str
| | | | additional_details_ekm_id | str
| | | | additional_details_shield_alert_rule_category | str
| | | | additional_details_shield_alert_rule_id | str
| | | | additional_details_shield_alert_rule_name | str
| | | | additional_details_shield_alert_risk_score | int4
| | | | additional_details_shield_alert_alert_summary | str
| | | | additional_details_shield_alert_alert_id | int4
| | | | additional_details_shield_alert_priority | str
| | | | additional_details_shield_alert_user | str
| | | | additional_details_shield_alert_link | str
| | | | additional_details_shield_alert_created_at | str
| | | | additional_details_shield_external_collab_enforcement_item | str
| | | | additional_details_shield_external_collab_enforcement_inviter | str
| | | | additional_details_shield_external_collab_enforcement_invitee | str
| | | | additional_details_shield_external_collab_enforcement_accessUser | str
| | | | additional_details_shield_external_collab_enforcement_additionalInfo | str
| | | | additional_details_shield_external_collab_enforcement_createdAt | str
| | | | additional_details_shield_external_collab_enforcement_justification | str
| | | | additional_details_shield_external_collab_enforcement_classification | str
| | | | additional_details_shield_external_collab_enforcement_service | str
| | | | additional_details_sharedLinkSettings_newVisibilityStatus | str
| | | | additional_details_sharedLinkSettings_newIsPasswordProtected | bool
| | | | additional_details_sharedLinkSettings_newCanPreview | bool
| | | | additional_details_sharedLinkSettings_newCanEdit | bool
| | | | additional_details_sharedLinkSettings_newCanDownload | bool
| | | | additional_details_sharedLinkSettings_newIsExpirationDateSet | bool
| | | | additional_details_security_information_accessFromSharedObject | str
| | | | action_by | str
| | | | message | str
| | rawSource | | hostchain | str
| | | ✓ | tag | str
| | | ✓ | rawMessage | str
| | rawSource | ✓ |
cloud.box.filesField | Type | Source field name | Extra fields |
---|
eventdate | timestamp
| | | id | str
| | | name | str
| | | size | int4
| | | version_number | str
| | | comment_count | str
| | | etag | str
| | | created_at | str
| | | modified_at | str
| | | file_version_id | str
| | | file_version_type | str
| | | file_version_sha1 | str
| | | content_created_at | str
| | | content_modified_at | str
| | | owned_by_name | str
| | | owned_by_id | str
| | | owned_by_type | str
| | | owned_by_login | str
| | | message | str
| rawSource | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| rawSource | ✓ |
cloud.box.foldersField | Type | Source field name | Extra fields |
---|
eventdate | timestamp
| | | id | str
| | | sequence_id | str
| | | etag | str
| | | name | str
| | | size | str
| | | created_at | str
| | | modified_at | str
| | | created_by_name | str
| | | created_by_id | str
| | | created_by_type | str
| | | created_by_login | str
| | | modified_by_name | str
| | | modified_by_id | str
| | | modified_by_type | str
| | | modified_by_login | str
| | | permissions_can_share | str
| | | permissions_can_set_share_access | str
| | | permissions_can_rename | str
| | | permissions_can_invite_collaborator | str
| | | permissions_can_download | str
| | | permissions_can_upload | str
| | | permissions_can_delete | str
| | | parent_name | str
| | | parent_etag | str
| | | parent_id | str
| | | parent_type | str
| | | parent_sequence_id | str
| | | tags | str
| | | can_non_owners_invite | str
| | | item_status | str
| | | has_collaborations | str
| | | message | str
| rawSource | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| rawSource | ✓ |
cloud.box.groupsField | Type | Source field name | Extra fields |
---|
eventdate | timestamp
| | | name | str
| | | id | str
| | | group_type | str
| | | message | str
| rawSource | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| rawSource | ✓ |
cloud.box.usersField | Type | Source field name | Extra fields |
---|
eventdate | timestamp
| | | id | str
| | | name | str
| | | login | str
| | | created_at | str
| | | modified_at | str
| | | timezone | str
| | | space_amount | str
| | | space_used | str
| | | max_upload_size | int8
| | | status | str
| | | can_see_managed_users | str
| | | job_title | str
| | | phone | str
| | | address | str
| | | avatar_url | str
| | | role | str
| | | enterprise_name | str
| | | enterprise_id | str
| | | enterprise_type | str
| | | is_exempt_from_login_verification | str
| | | my_tags | str
| | | is_external_collab_restricted | str
| | | is_exempt_from_device_limits | str
| | | message | str
| rawSource | | hostchain | str
| | ✓ | tag | str
| | ✓ | rawMessage | str
| rawSource | ✓ |
|