search cancel

Policy not triggering for Box Securlet after activating with Co-Admin

book

Article ID: 175505

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Advanced CASB Securlet SAAS CASB Security Premium

Issue/Introduction

The Box Securlet has been activated using a Co-Admin and a policy has been created to trigger when files are shared publicly.  When sharing a file publicly the policy does not trigger as expected.

No error message is available for this issue.  The policy simply doesn't trigger as expected.

Environment

Box Securlet activated as a Co-Admin

Cause

There are limitations regarding the activation of the Box Securlet using a Co-Admin.

  • CloudSoc does not have visibility into the activities of Box Admin and other Co-Admins
  • CloudSoc cannot scan the documents of the Box Admin and other Co-Admins
  • CloudSoc cannot remediate the content of the Box Admin and other Co-Admins

In this specific situation the first two bullet points are the cause of a policy not alerting when a file is shared publicly.

Resolution

Performing the testing of the policy with an account that is not a Co-Admin within Box.  The policy will trigger.

Symantec strongly recommends that a Box administrator and NOT a Co-Admin activates the Securlet.