You must define filters for the Security Logs report and select at least one Action Type (event) before you can run it. See Security Logs Report Filters and Security Logs Report Action Types for more information.
Security Logs Report Details
- File format: Microsoft Excel spreadsheet (.xslx) file (which can typically be opened and viewed in other spreadsheet applications)
-
Filename format:
security_logs_run_on_YYYY-MM-DD__HH-MM-SS-[A|P]M.xlsx - Folder name format: n/a, each report run is placed in the Box Reports root folder
- Filename time zone: the local date and time of the admin who ran the report or who set up the report schedule.
Security Logs Report Data Columns
The Security Logs report contains the following data:
| Data Column | Description |
|---|---|
| Date/Time | The date and time, in the local time of the admin who ran the report or who set up the report schedule, of the change, in the user's local time zone. |
| Email Address | The email address of the user who made the change, from the value in the Email field in User Account Details. |
| User IP | The IP address of the computer or device from which the change was initiated. |
| Category | The section (left nav item) or subsection (tab) in which the change was made. |
| Setting | The name of the setting that was changes. |
| From | The value of the setting prior to the change. |
| Changed To | The value of the setting after the change. |
Security Logs Report Filters
| Users or Groups | Optional. Enter one or more names of managed users or of user groups to limit the Security Logs report to activities of those users. |
| Start Date | Optional. Defines the start date for change activity in the report. If omitted, the report can go back as far as 7 years, or as long as you have had an account tariff with reporting access. |
| End Date | Optional. Defines the end date for change activity in the report. If omitted, the report will end with activities up to the current date. |
Security Logs Report Action Types
Security Logs reports contain data about actions, sometimes described as events, your admins take in Box. The Action Types section is where you select which admin setting actions you want to include in the Security Logs report.
Select the check box for:
- Select All to include all admin settings
- An Action Type category to select all of the admin settings in that type
- Any individual admin setting
At least one Action Type must be selected to run a Security Logs report.
| (Change) Action Type | Location |
|---|---|
| App Use Management | |
| Device pinning |
Enterprise Settings > User Settings > New User Default Settings > Device pinning |
| Box phone application limit | Enterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Phone Application |
| Box Sync limit | Enterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Sync |
| Box tablet application limit | Enterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Tablet Application |
| Notify admin on phone app activation | Enterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Phone Application |
| Notify admin on sync activation | Enterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Sync |
| Notify admin on tablet app activation | Enterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Tablet Application |
| Notify admin on third-part app activation | Enterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Browsers and Other Applications |
| Apps | |
| Added Custom App | Apps > Custom App Manager > Add App |
| Changed App Additional Configuration | Apps > Box Apps & Integration > Individual Application Controls > Configure > Additional Configuration |
| Changed App Status | Apps > Box Apps & Integration > Individual Application Controls > Status |
| Changed Box Drive Mark For Offline Feature | Apps > Box Apps & Integration > Box Drive - Mark for Offline |
| Changed Box and Microsoft Office Co-Authoring feature | Apps > Box Apps & Integration > Individual Application Controls > Box for Office Online > Configure |
| Changed Custom App Authorization Status | Apps > Custom App Manager > Server Authentication App > Authorize/Reauthorize App |
| Changed Custom App Enablement Status | Apps > Custom App Manager > Server Authentication App > Disable/Enable App Apps > Custom App Manager > User Authentication App > Disable/Enable App |
| Changed Disable published third party apps by default | Apps > Box Apps & Integration > Global App Settings > Disable published third party apps by default |
| Changed Disable unpublished apps by default | Apps > Custom App Manager > App Settings > Disable unpublished apps by default |
| Changed Require manual Admin authorization for Limited Access Apps | Apps > Custom App Manager > App Settings > Require manual Admin authorization for Limited Access Apps |
| Changed Require web app integration to use secure connections (SSL) | Apps > Box Apps & Integration > Global App Settings > Require web app integrations to use secure connections (SSL) |
| Content and Sharing | |
| Allow users to modify auto-deletion | |
| Block ownership transfer to external users | Enterprise Settings > Content & Sharing > Collaborating on Content > Restrict Ownership Transfer |
| Required auto-deletion | |
| Required auto-deletion at file level | |
| Required auto-deletion at folder level | |
| Allow users to modify shared link expiration | Enterprise Settings > Content & Sharing > Auto-Expiration > Allow owners and editors to modify the expiration date |
| Notify users before shared link expiration | Enterprise Settings > Content & Sharing > Auto-Expiration > Notify owners a specified time before expiration |
| Shared link expiration at file level | Enterprise Settings > Content & Sharing > Auto-Expiration > Apply these settings to |
| Shared link expiration at folder level | Enterprise Settings > Content & Sharing > Auto-Expiration > Apply these settings to |
| Expire collaborations from all domains | Enterprise Settings > Content & Sharing > Collaborating on Content > External collaboration |
| Require collaboration expiration | Enterprise Settings > Content & Sharing > Auto-Expiration > Invited collaborators expiration settings |
| Allow users to modify collaboration expiration | Enterprise Settings > Content & Sharing > Auto-Expiration > Invited collaborators expiration settings > Allow folder owners to extend the expiration date |
| Delete from trash access | Enterprise Settings > Content & Sharing > Trash > People who can permanently delete content in Trash |
| Automatically delete from trash | Enterprise Settings > Content & Sharing > Trash > Items in Trash are automatically deleted after |
| Enable content analysis menu on files page | |
| Enable tag filtering menu on files page | Enterprise Settings > Content & Sharing > Content Creation |
| Prevent first-level content creation | Enterprise Settings > Content & Sharing > Content Creation > Restrict content creation |
| Added domain to Collaboration Allowlist | Enterprise Settings > Content & Sharing > Collaborating on Content > External collaboration > Limit collaboration to allowlisted domains |
| Disable collaboration invite links | Enterprise Settings > Content & Sharing > Collaborating on Content > Enable invite links |
| Enable inviting group collabs to folders | Enterprise Settings > Content & Sharing > Collaborating on Content > Enable group invites |
| External collaboration status | Enterprise Settings > Content & Sharing > Collaborating on Content > External collaboration |
| Removed domain from Collaboration Allowlist | Enterprise Settings > Content & Sharing > Collaborating on Content > External collaboration > Limit collaboration to allowlisted domains |
| Restrict external collaborators | Enterprise Settings > Content & Sharing > Collaborating on Content > External collaboration |
| Restrict external collaborators from inviting other external collaborators | Enterprise Settings > Content & Sharing > Collaborating on Content > External collaboration |
| Restrict invites | Enterprise Settings > Content & Sharing > Collaborating on Content > Restrict invites |
| Disable Custom URLs |
Enterprise Settings > Content & Sharing > Custom Shared Links > Allow custom shared link URLs for links with public access
|
| External link availability | Enterprise Settings > Content & Sharing > Shared Links > Allow shared links for |
| Hide custom domain in shared links | Enterprise Settings > Content & Sharing > Custom Shared Links > Show your custom domain in shared link URLs |
| Shared link access | Enterprise Settings > Content & Sharing > Shared Links > Allow shared links for |
| Shared links edit | Enterprise Settings > Content & Sharing > Shared Links > Edit the shared item |
| Shared links download | Enterprise Settings > Content & Sharing > Shared Links > Links viewers can |
| Shared links preview | Enterprise Settings > Content & Sharing > Shared Links > Links viewers can |
| Changed G Suite Beta feature | |
| Changed Metadata - Folder Level Metadata & Cascade Feature | Enterprise Settings > Content & Sharing > File Request > Configure Users |
| Enable EID checking for company shared links | Enterprise Settings > Content & Sharing > Shared Link > Allow shared links for > Definition of Company > Enterprise ID [only available to some enterprises] |
| Change shared link expiration for public links | |
| Allow for email uploads | |
| Changed File Request Feature | |
| Enable File Request Required Login | |
| Change File Request Allowed Editors | |
| Changed Feed Feature | |
| Changed Collections feature | |
| Changed Workflow Relay User Enhancement | |
| Changed Workflow Relay Allow Editors as Builders | |
| Enable Relay Users to Publish Custom Templates | |
| Custom Set Up | |
| Disable Box Logo on HTML Embed Widget | |
| Text updated for Terms of Service for external users | |
| Text updated for Terms of Service for managed users | |
| Use Custom Terms of Service for external users | |
| Use Custom Terms of Service for managed users | |
| Enablement | |
| Created connection with CrowdStrike Falcon platform | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations |
| CrowdStrike Falcon Platform remediation added | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Remediation actions |
| CrowdStrike Falcon Platform remediation updated | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Remediation actions |
| CrowdStrike Falcon Platform remediation removed | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Remediation actions |
| CrowdStrike Falcon Platform connection removed | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations |
| CrowdStrike Falcon Platform monitoring mode enabled | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Enforcement Action |
| CrowdStrike Falcon Platform monitoring mode disabled | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Enforcement Action |
| CrowdStrike Falcon Platform contact email added | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations > IT Help Email |
| CrowdStrike Falcon Platform contact email updated | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations > IT Help Email |
| CrowdStrike Falcon Platform contact email removed | Enterprise Settings > Device Protection > Endpoint Detection and Response Integrations > IT Help Email |
| Executed Agreements | |
| Box Master Beta Agreement Signed | |
| Skills Addendum Signed | |
| G Suite Beta Agreement Signed | |
| Microsoft Third Party Beta Agreement Signed | |
| Mobile | |
| Disable Files functionality for iOS 12.0 or below (Box EMM) | Enterprise Settings > Mobile > User Permissions for Box Mobile Application |
| Notifications | |
| Archive Activities | |
| Archive Comments | |
| Archive Emails | |
| Archive Invitations | |
| Archive Tasks | |
| Email Archive Location | |
| Enable Notification Email | Enterprise Settings > Notifications > Email Notifications > Allow all users to receive Box notifications at an alternate notification email address |
| Enable User Update Notification Email | Enterprise Settings > Notifications > Email Notifications > Allow all users to change their notification email |
| Changed Message Center Feature | |
| Security | |
| Enable or disable regular FTP | |
| Enable strong password for external collaborators | |
| Login verification | |
| Tracking for enterprise | |
| Tracking for individual | |
| Disable "Keep me signed in" | |
| Disallow users change email | |
| Failed login threshold | |
| Notify admin on user creation | |
| Forget password | |
| Normal password change | Enterprise Settings > Security > Password Requirements > Password changes > Notify admins when users change passwords in Settings |
| Global reset | |
| Password history | |
| Password reset frequency | |
| Allow known weak passwords | |
| Minimum numeric characters | |
| Minimum password length | |
| Minimum special characters | |
| Require uppercase | |
| Session length | |
| Allow users to sign up on their own | |
| Changed Shield Trial Setting | |
| Initiated SSO Connection Request | |
| Changed SSO Test Mode Setting | |
| Added New SSO Verification Certificate | |
| Removed SSO Verification Certificate | |
| Scheduled enforcement of two factor authentication for external collaborators | |
| Disabled two factor authentication for external collaborators | |
| Two factor authentication for external collaboration enforcement complete | |
| Two factor authentication for external collaboration enforcement failed | |
| Changed configuration for two factor authentication for external collaborators | |
| Sign | |
| Changed Sign User Enablement | |
| Changed Sign Users Can Create Templates | |
| Enabled Sign Disclosure | |
| Changed Sign Disclosure Type | |
| Changed Sign Enterprise-Specific Disclosure Text | |
| User Settings | |
| Default user contact view-ability | |
| Default user sync availability | |
| Default user login activity exemption | |