Box - Learn more about the Box standard data source and content pack integrations in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex

Box - Learn more about the Box standard data source and content pack integrations in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR 5.x Documentation

Product

Cortex XDR

License

XDR + Cloud

Creation date

2025-07-13

Last date published

2026-06-11

Category

Administrator Guide

Abstract

Learn more about the Box standard data source and content pack integrations in Cortex XDR.

You can configure collecting Box logs and data using a standard data source or with a content pack integration:

Box vendor	Description
Standard data source overview	Forward different types of data from Box enterprise accounts to Cortex XDR using the Box data source.
Link to standard data source instructions	The following types of data can be ingested from Dropbox: Events and security alerts Events (admin_logs) Box Shield Alerts Directory and metadata Users Groups For more information, see Ingest logs and data from Box.
Links to content pack integration details	The Box content pack contains classifiers, issue fields and types, and parsing and modeling rules to normalize Box data in Cortex XDR. It also includes the following integrations: Box Event Collector: Use this integration to collect events from Box's logs. It includes a command to get Box events. Box V2: Use this integration to manage Box users. It includes commands to search Box content and manage file folders and share links.

Box vendor

Description

Standard data source overview

Forward different types of data from Box enterprise accounts to Cortex XDR using the Box data source.

Link to standard data source instructions

The following types of data can be ingested from Dropbox:

Events and security alerts
- Events (admin_logs)
- Box Shield Alerts
Directory and metadata
- Users
- Groups

For more information, see Ingest logs and data from Box.

Links to content pack integration details

The Box content pack contains classifiers, issue fields and types, and parsing and modeling rules to normalize Box data in Cortex XDR. It also includes the following integrations:

Box Event Collector: Use this integration to collect events from Box's logs. It includes a command to get Box events.
Box V2: Use this integration to manage Box users. It includes commands to search Box content and manage file folders and share links.