To help keep your organization's content secure, Threat Detection rules need to be enabled, configured, and started. In some rule types, you can include multiple values, such as of IP addresses, domain, locations, or email addresses, so you might want to create a Shield list of those values instead of adding all the individual values to the rule.
- Go to Admin Console > Shield.
- Click the Detection Rules tab.
- Click Enable for the detection rule you want to configure and start.
- On the Create [rule type] Rule page, enter a Rule Name and Description and configure the rule. Specifically:
- For Malicious Content, decide if you want to enable deep scan and download restrictions.
- For Suspicious Location, click Add Rule to configure up to 22 configure locations and content to monitor and decide which filters to enable.
- For Suspicious Session, decide which filters to enable.
- For all rules, decide whether to publish rule alerts to the Box Event Stream and who to send alert email messages to.
- Click Next.
- On the Review [rule name] page, review the rule settings.
- Click Start Rule ().