Gaining Visibility and Threat Detection in Cloud Content With Box and FireEye

Businesses share content internally and externally with suppliers, customers and others in a variety of ways. Technologies make it faster for businesses and employees to operate, especially in remote settings. This creates challenges for SOC analysts looking to gain visibility into what is entering and exiting their ecosystems—an issue that is compounded when that something is malware.

FireEye and Box are excited to introduce a new integration that will allow joint customers to gain threat detection for all files residing within their Box accounts. In addition to files automatically being scanned for malicious content via FireEye Detection On Demand, joint customers also benefit from visibility of all system events occurring in Box within the FireEye Helix security operations platform, giving SOC analysts a better understanding of what is happening in their environment.

What Does Box Do?

Box is a leading cloud content management platform that enables organizations to accelerate business processes, power workplace collaboration and protect their most valuable information. Official Box apps are available for Windows, macOS, and mobile platforms.

How Does the Integration Work?

FireEye has built an integration leveraging its cloud-based FireEye Helix Connect integration portal that allows customers to scan their Box solution and understand what users are doing there in mere minutes. Through this integration, organizations can:

  • Take key events from Box into FireEye Helix, including logins, login failures, errors, permission changes and system events.
  • Automatically scan every file uploaded to Box for malware using FireEye Detection On Demand. Malicious files can be blocked and SOC analysts are alerted in FireEye Helix when evil is found.

Existing customers of FireEye Helix and Box need only navigate to FireEye Helix Connect and perform the simple steps listed on the installation guide to get the key events flowing into FireEye Helix. Customers can also easily drop their Detection On Demand API key (once purchased through FireEye or using the free trial on AWS) to have all files scanned/blocked as well.

FireEye has created seven custom alert rules as part of a Box Rule Pack that automatically assigns a risk level to each alert generated. These rules work out of the Box (pun intended) today and customers can also modify them to create the alerts that are most relevant. Additionally, FireEye Helix has the ability to help customers visualize data and alerts through dashboards. The following Box dashboard has been created and is available for use in Helix, and customers can also modify it to reflect the data that they want to review.

More Information

This integration is currently used by multiple Fortune 1000 companies to gain valuable insight into their security. Their security analysts have instant access to what is happening across their cloud content by using FireEye Helix. To learn more about this integration visit the FireEye Market and enable it now on FireEye Helix Connect. Learn more about Box by visiting their website.

This post was first first published on

FireEye Stories

‘s website by Martin Holste. You can view it by clicking here