Box Shield alert

This rule is part of a beta feature. To learn more, contact Support.
box

Classification:

attack

Esta página aún no está disponible en español. Estamos trabajando en su traducción.
Si tienes alguna pregunta o comentario sobre nuestro actual proyecto de traducción, no dudes en ponerte en contacto con nosotros.

Goal

Detect when Box Shield identifies malicious content in user-managed files, helping prevent malware spread within the organization.

Strategy

This rule monitors enterprise events where Box Shield flags files as containing malware or harmful code. Early detection of malicious content helps minimize risk to users and shared environments.

Triage and Response

  1. Assess the malicious content alert and evaluate potential exposure related to the file {{@additional_details.shield_alert.malware_info.file_name}}.
  2. Review the user {{@usr.email}} who uploaded or accessed the flagged file.
  3. Quarantine or delete the file, alert affected users, and initiate endpoint scans as needed.
  4. Notify the security team for broader investigation and containment.