Cloudflare Docs
Cloudflare Zero Trust
Visit Cloudflare Zero Trust on GitHub
Set theme to dark (⇧+D)

Box

The Box integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Box account that could leave you and your organization vulnerable.

​​ Integration prerequisites

  • A Box account on a Business plan (Business, Business Plus, Enterprise, Enterprise Plus)

  • Access to a Box Business account with Admin permission

​​ Integration permissions

For the Box integration to function, Cloudflare CASB requires the following Box permissions via an OAuth 2.0 app:

  • Read all files and folders stored in Box

These permissions follow the principle of least privilege to ensure that only the minimum required access is granted. To learn more about the permission, refer to the Box Scopes documentation.

​​ Security findings

The Box integration currently scans for the following findings, or security risks. Findings are grouped by category and then ordered by severity level.

​​ File sharing

Identify files and folders that have been shared in a potentially insecure fashion.

FindingSeverity
Box File publicly accessible read onlyHigh
Box File publicly accessible read writeCritical
Box File shared company wide read onlyMedium
Box File shared company wide read writeHigh
Box File shared company wide with high download countMedium
Box File shared company wide with high view countLow
Box Folder publicly accessible read onlyMedium
Box Folder publicly accessible read writeHigh
Box Folder shared company wide read onlyLow
Box Folder shared company wide read writeMedium
Box Folder that can be shared by anyoneMedium
Box Folder with external email upload accessLow
Box File larger than 2GBLow
Box publicly accessible file with high download countHigh
Box publicly accessible file with high view countMedium
Box Shared folder with high download countMedium
Box Shared folder with high view countLow

​​ User access

Flag user access issues, including account misuse and users not following best practices.

FindingSeverity
Box Admin not required to use 2FAHigh
Box Inactive Admin userMedium
Box Inactive userLow
Box User allowed to collaborate with external usersLow
Box User not required to use 2FAMedium
Box User with email alias configuredLow
Box User with unconfirmed notification emailLow

​​ Account misconfigurations

Discover account and admin-level settings that have been configured in a potentially insecure way.

FindingSeverity
Box Active WebhookLow