---
title: Box malicious file detected
description: Datadog, the leading service for cloud-scale monitoring.
---

# Box malicious file detected

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}

- Classification: attack
- Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002)
- Technique: [T1204-user-execution](https://attack.mitre.org/techniques/T1204)

## Goal{% #goal %}

Detects when Box identifies a file containing malware, indicating a potential threat to users or shared content.

## Strategy{% #strategy %}

Monitor security events where a file uploaded to Box is flagged as malicious to prevent distribution of infected content.

## Triage and Response{% #triage-and-response %}

1. Review the user `{{@usr.email}}` who uploaded the malicious file.
1. Note the file name `{{@source.item_name}}` to assess its context, location, and sharing status.
1. Quarantine or delete the malicious file and notify involved users.
1. Review user activity and scan associated files for additional threats.
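
The triage steps above can be scripted over exported logs. The following is an added example, not part of the rule or of Datadog's own code: it takes the flagged event's `usr.email` and `source.item_name`, then lists who else touched that file and which other files the uploader handled nearby in time. The `evt.name` and `timestamp` fields, the event name values, and the 24-hour window are assumptions about the log shape, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real data). "usr.email" and "source.item_name"
# are the attributes the rule references; "evt.name", "timestamp" and the
# event name values are assumptions about how the exported logs look.
SAMPLE_EVENTS = [
    {"timestamp": "2024-04-20T08:00:00Z", "evt.name": "UPLOAD",
     "usr.email": "alice@example.com", "source.item_name": "old-notes.txt"},
    {"timestamp": "2024-05-01T09:58:00Z", "evt.name": "UPLOAD",
     "usr.email": "alice@example.com", "source.item_name": "q1-report.xlsx"},
    {"timestamp": "2024-05-01T10:00:00Z", "evt.name": "UPLOAD",
     "usr.email": "alice@example.com", "source.item_name": "invoice.docm"},
    {"timestamp": "2024-05-01T10:01:00Z", "evt.name": "FILE_MARKED_MALICIOUS",
     "usr.email": "alice@example.com", "source.item_name": "invoice.docm"},
    {"timestamp": "2024-05-01T10:05:00Z", "evt.name": "DOWNLOAD",
     "usr.email": "bob@example.com", "source.item_name": "invoice.docm"},
    {"timestamp": "2024-05-01T10:10:00Z", "evt.name": "UPLOAD",
     "usr.email": "carol@example.com", "source.item_name": "budget.xlsx"},
]

MALICIOUS_EVENT = "FILE_MARKED_MALICIOUS"  # assumed value of evt.name


def _ts(event):
    """Parse the ISO 8601 timestamp of an event into an aware datetime."""
    return datetime.fromisoformat(event["timestamp"].replace("Z", "+00:00"))


def build_triage(events, window=timedelta(hours=24)):
    """Return one case per flagged file: uploader, file name, other users who
    touched the file (to notify) and the uploader's other files (to scan)."""
    cases = []
    for hit in (e for e in events if e["evt.name"] == MALICIOUS_EVENT):
        user, name, when = hit["usr.email"], hit["source.item_name"], _ts(hit)
        notify, scan = set(), set()
        for e in events:
            if e is hit or abs(_ts(e) - when) > window:
                continue  # skip the detection itself and out-of-window events
            # Files are matched by name because that is the only file
            # attribute the page exposes; names are not guaranteed unique.
            if e["source.item_name"] == name and e["usr.email"] != user:
                notify.add(e["usr.email"])          # step 3: involved users
            elif e["usr.email"] == user and e["source.item_name"] != name:
                scan.add(e["source.item_name"])     # step 4: associated files
        cases.append({"uploader": user, "file": name,
                      "notify": sorted(notify), "scan": sorted(scan)})
    return cases
```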
