Update rules' references (box) (#10)

panther-labs · Jan 16, 2024 · 59616cf · 59616cf
1 parent 6969de8
commit 59616cf
Show file tree

Hide file tree

Showing 10 changed files with 10 additions and 11 deletions.
diff --git a/rules/box_rules/box_access_granted.yml b/rules/box_rules/box_access_granted.yml
@@ -10,7 +10,7 @@ Tags:
 Severity: Low
 Description: >
   A user granted access to their box account to Box technical support from account settings.
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/7039943421715-Enabling-and-Disabling-Access-for-Box-Support
 Runbook: >
   Investigate whether the user purposefully granted access to their account. 
 SummaryAttributes:

diff --git a/rules/box_rules/box_brute_force_login.yml b/rules/box_rules/box_brute_force_login.yml
@@ -12,7 +12,7 @@ Description: >
   A Box user was denied access more times than the configured threshold.
 Threshold: 10
 DedupPeriodMinutes: 10
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/360043695174-Logging-in-to-Box
 Runbook: >
   Analyze the IP they came from, and other actions taken before/after.  Check if this user eventually authenticated successfully. 
 SummaryAttributes:

diff --git a/rules/box_rules/box_event_triggered_externally.yml b/rules/box_rules/box_event_triggered_externally.yml
@@ -15,7 +15,7 @@ Reports:
 Severity: Medium
 Description: >
   An external user has triggered a box enterprise event.
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/8391393127955-Using-the-Enterprise-Event-Stream
 Runbook: >
   Investigate whether this user's activity is expected. 
 SummaryAttributes:

diff --git a/rules/box_rules/box_item_shared_externally.yml b/rules/box_rules/box_item_shared_externally.yml
@@ -15,7 +15,7 @@ Reports:
 Severity: Medium
 Description: >
   A user has shared an item and it is accessible to anyone with the share link (internal or external to the company). This rule requires that the boxsdk[jwt] be installed in the environment.
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/4404822772755-Enterprise-Settings-Content-Sharing-Tab
 Runbook: >
   Investigate whether this user's activity is expected. 
 SummaryAttributes:

diff --git a/rules/box_rules/box_malicious_content.yml b/rules/box_rules/box_malicious_content.yml
@@ -15,8 +15,7 @@ Severity: High
 Description: >
   Box has detect malicious content, such as a virus. 
 Reference: >
-  https://developer.box.com/guides/events/shield-alert-events/, 
-  https://developer.box.com/reference/resources/event/
+  https://developer.box.com/guides/events/shield-alert-events/
 Runbook: >
   Investigate whether this is a false positive or if the virus needs to be contained appropriately.
 SummaryAttributes:

diff --git a/rules/box_rules/box_new_login.yml b/rules/box_rules/box_new_login.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Info
 Description: >
   A user logged in from a new device. 
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/360043691914-Controlling-Devices-Used-to-Access-Box
 Runbook: >
   Investigate whether this is a valid user login. 
 SummaryAttributes:

diff --git a/rules/box_rules/box_policy_violation.yml b/rules/box_rules/box_policy_violation.yml
@@ -10,7 +10,7 @@ Tags:
 Severity: Low
 Description: >
   A user violated the content workflow policy. 
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/360043692594-Creating-a-Security-Policy
 Runbook: >
   Investigate whether the user continues to violate the policy and take measure to ensure they understand policy. 
 SummaryAttributes:

diff --git a/rules/box_rules/box_untrusted_device.yml b/rules/box_rules/box_untrusted_device.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Info
 Description: >
   A user attempted to login from an untrusted device. 
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/360044194993-Setting-Up-Device-Trust-Security-Requirements
 Runbook: >
   Investigate whether this is a valid user attempting to login to box. 
 SummaryAttributes:

diff --git a/rules/box_rules/box_user_downloads.yml b/rules/box_rules/box_user_downloads.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Low
 Description: >
   A user has exceeded the threshold for number of downloads within a single time frame. 
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/360043697134-Download-Files-and-Folders-from-Box
 Runbook: >
   Investigate whether this user's download activity is expected.  Investigate the cause of this download activity. 
 SummaryAttributes:

diff --git a/rules/box_rules/box_user_permission_updates.yml b/rules/box_rules/box_user_permission_updates.yml
@@ -14,7 +14,7 @@ Reports:
 Severity: Low
 Description: >
   A user has exceeded the threshold for number of folder permission changes within a single time frame. 
-Reference: https://developer.box.com/reference/resources/event/
+Reference: https://support.box.com/hc/en-us/articles/360043697254-Understanding-Folder-Permissions
 Runbook: >
   Investigate whether this user's activity is expected. 
 SummaryAttributes: