We use the Splunk add-on for Box with an app on the Box side to stream events to our Splunk SIEM. Recently, I got an email about the new Enterprise Events Stream API (i.e. admin_logs_streaming), which enables subscribing to all events in a Box enterprise in near real time, and recommending its use instead of the Splunk add-on. I have briefly looked at the document but am not sure if it adds any significant benefits. I might be wrong and would appreciate it if someone could point out why I should use the Enterprise Events Stream API. Also, I am not a developer, so I am a little hesitant to make that change.
Thanks for your help in advance,