---
title: Box Shield alert
description: Datadog, the leading service for cloud-scale monitoring.
---

# Box Shield alert

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}

Classification: attack

## Goal{% #goal %}

Detect when Box Shield identifies malicious content in user-managed files, helping prevent malware spread within the organization.

## Strategy{% #strategy %}

This rule monitors enterprise events where Box Shield flags files as containing malware or harmful code. Early detection of malicious content helps minimize risk to users and shared environments.

## Triage and Response{% #triage-and-response %}

1. Assess the malicious content alert and evaluate potential exposure related to the file `{{@additional_details.shield_alert.malware_info.file_name}}`.
1. Review the user `{{@usr.email}}` who uploaded or accessed the flagged file.
1. Quarantine or delete the file, alert affected users, and initiate endpoint scans as needed.
1. Notify the security team for broader investigation and containment.
