Configuring a Tagging Response Rule for Box.com in DLP 14

Overview

New in DLP 14 is the ability to scan Box.com for confidential data that may be stored in an enterprise’s Box.com environment. See this post for more information on how to configure this.

This post will cover how to configure the response rule.

Configuring the Response Rule

The first step in configuring the response rule is to enable response rules for scanning within the Discover Target. If the check box is not enabled, the response rule will not trigger.


The response rule needs to be created and then assigned to the policy in order for it to work. Within the system add a new response rule and select the type “Automatic.”


What this looks like

The incident report will show a new icon (the tag) next to the Box.com incident.

The incident snapshot shows further information about the tagging response rule.

Finally we can see the “Visual Tag” applied within the Box.com interface.


Configuring a Box.com Network Discover Scan in DLP 14

Overview

New to Symantec DLP 14, we have the ability to do Network Discover Scans (Data at Rest) of content that is stored in Cloud Storage locations. The first service this is available for is Box.com.

This post will cover how to configure a Network Discover Scan for Cloud Storage once you have applied the Cloud Storage License.

Steps to create a Box.com Discover Scan

Once the license for Cloud Storage DLP is loaded into the system a new entry to create a Box.com Discover Target will be listed.


  1. Navigate to Manage -> Discover Scanning -> Discover Targets
  2. Under the drop down for “New Target” select Box
  3. Just like any Discover Target, configure the target with Name, Scan Type and Schedule under the “General Settings.”
  4. Authorize the Box.com scanning account, which is new
    1. Click on the authorize button
    2. Provide the username and password for the Administrator of your Box.com environment and click Authorize
    3. The DLP system will be authorized for 60 days and after that time the system can be reauthorized
  5. The Filters tab controls which files within the Box.com environment are scanned
  6. Along with being able to scan a folder on Box.com, we have the ability to “tag” a file with a response rule; this needs to be enabled in the Protect tab.
    1. A separate blog post will cover this

Once this is all done, a Cloud Storage Target for Box.com will be configured and set up. This target can then be run just like any Network Discover target.

Do I need a different license for this?

Yes, a license for “Cloud Storage DLP” is required, according to the DLP Licensing Guide. This is a subscription-based license available as a 1-year subscription.