Integrate Dropbox Business EventTracker v8.x and above
Publication Date: July 12, 2018
1
Integrate Dropbox Business
Abstract This guide provides instructions to configure a Dropbox Business to send its syslog to EventTracker Enterprise.
Scope The configurations detailed in this guide are consistent with EventTracker Enterprise version v8.x or above and Dropbox Business.
Audience Administrators who are assigned the task to monitor Dropbox Business events using EventTracker.
The information contained in this document represents the current view of EventTracker. on the issues discussed as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after the date of publication.
This document is for informational purposes only. EventTracker MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from EventTracker, if its content is unaltered, nothing is added to the content and credit to EventTracker is provided.
EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from EventTracker, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.
© 2018 EventTracker Security LLC. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
2
Integrate Dropbox Business
Table of Contents Abstract ................................................................................................................................................................................. 1
Scope ..................................................................................................................................................................................... 1
Audience ................................................................................................................................................................................ 1
Overview ............................................................................................................................................................................... 3
Prerequisites .......................................................................................................................................................................... 3
Integration of Dropbox Business with EventTracker Manager ............................................................................................. 3 Obtaining Access Token .................................................................................................................................................... 3
Integrating Dropbox with EventTracker ............................................................................................................................ 7
Verify Dropbox Integration in EventTracker ....................................................................................................................... 10 Verify generated credential csv ...................................................................................................................................... 10
Verify LFM configuration ................................................................................................................................................ 11
Verify whether the Task is created in Task Scheduler .................................................................................................... 13
EventTracker Knowledge Pack ............................................................................................................................................ 13 Category .......................................................................................................................................................................... 14
Alerts ............................................................................................................................................................................... 14
Knowledge Object ........................................................................................................................................................... 14
Flex Reports .................................................................................................................................................................... 15
Import Dropbox Business knowledge pack into EventTracker ........................................................................................... 21 Category .......................................................................................................................................................................... 22
Alerts ............................................................................................................................................................................... 23
Parsing Rule ..................................................................................................................................................................... 24
Knowledge Object ........................................................................................................................................................... 25
Flex Report ...................................................................................................................................................................... 27
Dashboard ....................................................................................................................................................................... 28
Verify Dropbox Business knowledge pack in EventTracker ................................................................................................ 31 Category .......................................................................................................................................................................... 31
Alerts ............................................................................................................................................................................... 31
Parsing Rule ..................................................................................................................................................................... 32
Knowledge Object ........................................................................................................................................................... 33
Flex Report ...................................................................................................................................................................... 34
Sample Flex Dashboards ..................................................................................................................................................... 35
3
Integrate Dropbox Business
Overview Dropbox can store and share files, collaborate on projects. Dropbox gets your files from a computer, phone, or tablet—changes you make from one device will automatically sync across all your devices. Send files to anyone, even if they don’t have a Dropbox account. Organize your company's files in one central place with Dropbox Business. Admin controls let you track team activity and secure access to shared data. Work the way you want—Dropbox integrates seamlessly with the tools you and your team use every day. Dropbox security features let you control exactly who gets access to your files, wipe data when you lose a device, and recover files if you need to.
EventTracker helps to monitor events from Dropbox Business. It’s knowledge object and flex reports will help you to analyze files added/downloaded, group/member, application and device activities and to monitor policy or configuration changes.
Prerequisites • EventTracker v8.x or above should be installed. • Dropbox for business should be configured. • PowerShell version 5 or above should be installed.
Integration of Dropbox Business with EventTracker Manager Obtaining Access Token To configure a Dropbox Business to forward logs to EventTracker,
• Access the Dropbox developer page(https://www.dropbox.com/developers/apps) and click on My apps option.
• Login page would appear, login to continue. • Click on Create app button as shown in the below image.
4
Integrate Dropbox Business
Figure 1
• Now under the heading Choose an API, choose Dropbox Business API. • Under Choose the type of access you need heading, select the option Team member file access. • Give an appropriate name to the app that you are creating as highlighted in the below image. • Click on Create app.
5
Integrate Dropbox Business
Figure 2
• Once app is created you will get a page as shown below: • Under the Settings tab, you will find a heading Generate Access Token, Click on Generate as
highlighted below:
6
Integrate Dropbox Business
Figure 3
• Once the Token is generated, make a note of it as it is required for the integration process in the further steps.
7
Integrate Dropbox Business
Figure 4
Integrating Dropbox with EventTracker • Download and apply the latest KP update from link given KP_Update_Link. • Click on Knowledge Updates option and click Download as shown in the below image.
8
Integrate Dropbox Business
Figure 5
• Once downloaded the Dropbox integrator package can be found in %et_install_path%\Knowledge Packs\Dropbox.
• The Integrator package will be obtained in a Zip file format. Extract the files. A folder named Dropbox_Script will be present, it would contain files as show below.
Figure 6
• Right-click on the Dropbox_Integrator.bat and run as administrator to start the integration process.
9
Integrate Dropbox Business
• Once you click the .bat, you will get a pop up window as shown in below figure:
Figure 7
• Pre-Integrator window will show PowerShell version and OS version of the workstation. If PowerShell version in greater than 4 and OS version is greater than Windows 2008 server, click Next to proceed.
• If pre-requisites are not met, click on Upgrade button to update PowerShell to latest version. Update package will be downloaded and automatic restart will be performed.
• Once this is done another window would pop up as shown below:
Figure 8
• Enter the Access Token that was noted and generated earlier and click on OK. • Once clicked on OK , an authentication pop up window will appear asking for username and password
for Task Scheduling as shown below:
10
Integrate Dropbox Business
Figure 9
• Please enter your Administrator System Username and Password to proceed with the Task Scheduling.
• Click on OK to continue. • Configuration is now complete.
Verify Dropbox Integration in EventTracker Verify generated credential csv Once the script run is complete, the first thing that would be done is a DropboxConf.csv will be created in the same path where the script is present. Access Token that was entered will be present in the csv and also a folder DropBox will be created in it, as shown below:
11
Integrate Dropbox Business
Figure 10
Verify LFM configuration • Access the EventTracker Control Panel.
Figure 11
12
Integrate Dropbox Business
• Double click on EventTracker Agent Configuration and a window would appear as shown below. • Click on Logfile Monitor Tab. • Make sure the checkbox beside Logfile Monitor is checked. • Verify if the path added below is the correct one where the csv is present by click on View File details.
Figure 12
• Once that is done, go to the same folder where the script is present. You should find a folder created by the name DropBox.
13
Integrate Dropbox Business
• Within the folder you will find a Dropbox_Events.csv file present which confirms the integration is a success as shown below.
Figure 13
Verify whether the Task is created in Task Scheduler • Go to Start and open Task Scheduler to confirm if the scheduling action is created or not. • Below given image shows the Dropbox-Scheduler that is created for scheduling.
Figure 14
• Dropbox Integration is now completed with EventTracker to receive Dropbox Events.
EventTracker Knowledge Pack Once logs are received by EventTracker manager, knowledge packs can be configured into EventTracker.
The following Knowledge Packs are available in EventTracker Enterprise to support Dropbox Business.
14
Integrate Dropbox Business
Category • Dropbox- Login and logout activities- This category provides information related to all the login and
logout activities. • Dropbox- Login failures- This category provides information related to all the login failures that is
done on Dropbox console. • Dropbox- File and folder activities- This category provides information related to all the file and folder
activities such as add, delete, upload, download, comment, rename, edit etc. • Dropbox- Shared link activities- This category provides information related to all the shared link
activities such as created, removed and opened shared link. • Dropbox- Group activities- This category provides information related to all the Dropbox group
activities. • Dropbox- Member activities- This category provides information related to all the Dropbox member
activities. • Dropbox- Configuration changes- This category provides information related to all the configuration
changes that is done on Dropbox.
Alerts • Dropbox: Configuration changes: This alert is generated when any configuration changes are done. • Dropbox: Deleted files and folders: This alert is generated when any file or folder is deleted. • Dropbox: Downloaded files and folders: This alert is generated when any file or folder is downloaded. • Dropbox: Login failures: This alert is generated when any login failures are done.
Knowledge Object • Dropbox- Login and logout activities - This knowledge object will help us to analyze logs related to the
login and logout activities. • Dropbox- Login failures - This knowledge object will help us to analyze logs related to the login
failures that is done on Dropbox console. • Dropbox- File and folder activities - This knowledge object will help us to analyze logs related to the
file and folder activities such as add, delete, upload, download, comment, rename, edit etc. • Dropbox- Shared link activities - This knowledge object will help us to analyze logs related to the
shared link activities such as created, removed and opened shared link. • Dropbox- Group activities - This knowledge object will help us to analyze logs related to the to all the
Dropbox group activities. • Dropbox- Member activities - This knowledge object will help us to analyze logs related to the
Dropbox member activities.
15
Integrate Dropbox Business
• Dropbox- Configuration changes - This knowledge object will help us to analyze logs related to the configuration changes that is done on Dropbox.
Flex Reports • Dropbox- Login and logout activities- This report gives the information about all the login and logout
activities.
Figure 15
Logs Considered
Figure 16
• Dropbox- Login failures– This report gives the information about all the login failures that is done on Dropbox console.
16
Integrate Dropbox Business
Figure 17
Logs Considered
Figure 18
• Dropbox- File and folder activities-This report gives information about all the file and folder activities such as add, delete, upload, download, comment, rename, edit etc.
17
Integrate Dropbox Business
Figure 19
Logs Considered
Figure 20
• Dropbox- Shared link activities-This report gives information about all the shared link activities such as created, removed and opened shared link.
18
Integrate Dropbox Business
Figure 21
Logs Considered
Figure 22
• Dropbox- Group activities-This report gives information about all the Dropbox group activities.
Figure 23
19
Integrate Dropbox Business
Logs Considered:
Figure 24
• Dropbox- Member activities-This report gives information about all the Dropbox member activities.
Figure 25
20
Integrate Dropbox Business
Logs Considered:
Figure 26
• Dropbox- Configuration changes-This report gives information about all the configuration changes that is done on Dropbox.
Figure 27
21
Integrate Dropbox Business
Logs Considered:
Figure 28
Import Dropbox Business knowledge pack into EventTracker NOTE: Import knowledge pack items in the following sequence:
• Categories • Parsing Rules • Knowledge Objects • Flex Reports
1. Launch EventTracker Control Panel.
2. Double click Export Import Utility.
22
Integrate Dropbox Business
Figure 29
3. Click the Import tab.
Category
1. Click Category option, and then click the browse button.
Figure 30
23
Integrate Dropbox Business
2. Locate Category_Dropbox.iscat file, and then click the Open button.
3. To import categories, click the Import button.
EventTracker displays success message.
Figure 31
4. Click OK, and then click the Close button.
Alerts 1. Click Alert option, and then click the browse button.
Figure 32
24
Integrate Dropbox Business
2. Locate Alerts_Dropbox.isalt file, and then click the Open button. 3. To import alerts, click the Import button. 4. EventTracker displays success message.
Figure 33
Click the OK button, and then click the Close button.
Parsing Rule 1. Click Token Value option, and then click the browse button. 2. Locate the Tokens_Dropbox.istoken file, and then click the Open button.
Figure 34
25
Integrate Dropbox Business
3. Click the Import button to import the tokens. EventTracker displays success message.
Figure 35
Knowledge Object 1. Click Knowledge objects under Admin option in the EventTracker manager page.
Figure 36
2. Click on Import button as highlighted in the below image:
Figure 37
3. Click on Browse.
26
Integrate Dropbox Business
Figure 38
4. Locate the file named KO_Dropbox.etko.
5. Now select all the check box and then click on ‘Import’ option.
Figure 39
27
Integrate Dropbox Business
6. Knowledge objects are now imported successfully.
Figure 40
Flex Report On EventTracker Control Panel,
1. Click Reports option, and select new (etcrx) from the option
Figure 41
2. Locate the file named Reports_ Dropbox.etcrx, and select all the check box.
28
Integrate Dropbox Business
Figure 42
3. Click the Import button to import the reports. EventTracker displays success message.
Figure 43
Dashboard NOTE- Below steps given are specific to EventTracker 9 and later.
29
Integrate Dropbox Business
• Open EventTracker Enterprise in browser and logon.
Figure 44
• Navigate to My Dashboard option as shown above. • Click on the Import button as show below:
Figure 45
• Import dashboard file Dashboard_Dropbox.etwd and checkbox the dashboards that you require and click on Import as shown below:
30
Integrate Dropbox Business
Figure 46
• Import is now completed successfully.
Figure 47
31
Integrate Dropbox Business
Verify Dropbox Business knowledge pack in EventTracker Category
1. Logon to EventTracker Enterprise.
2. Click Admin dropdown, and then click Categories.
Figure 48
3. In Category Tree to view imported categories, scroll down and expand Dropbox Business group folder to view the imported categories.
Figure 49
Alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Alerts.
32
Integrate Dropbox Business
Figure 50
3. In the Search box, type ‘Dropbox, and then click the Go button. Alert Management page will display all the imported alerts.
Figure 51
4. To activate the imported alerts, select the respective checkbox in the Active column.
EventTracker displays message box.
Figure 52
5. Click OK, and then click the Activate Now button.
NOTE: Please specify appropriate systems in alert configuration for better performance.
Parsing Rule 1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Parsing rules.
33
Integrate Dropbox Business
Figure 53
2. Click on Parsing rules tab now as highlighted below, then choose Dropbox folder.
Figure 54
Knowledge Object 1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Knowledge
Objects.
Figure 55
2. In the Knowledge Object tree, expand Dropbox Business group folder to view the imported Knowledge objects.
34
Integrate Dropbox Business
Figure 56
Flex Report 1. In the EventTracker Enterprise web interface, click the Reports menu, and then select Report
Configuration.
Figure 57
2. In Reports Configuration pane, select Defined option. 3. Click on the Dropbox Business group folder to view the imported Dropbox Business reports.
Figure 58
35
Integrate Dropbox Business
Sample Flex Dashboards • WIDGET TITLE: Dropbox- File and folder added activities
Figure 59
36
Integrate Dropbox Business
• WIDGET TITLE: Dropbox- File and folder deleted activities
Figure 60
37
Integrate Dropbox Business
• WIDGET TITLE: Dropbox- Login and logout
Figure 61
• WIDGET TITLE: Dropbox- Group activities
Figure 62
38
Integrate Dropbox Business
• WIDGET TITLE: Dropbox- Shared link activities
Figure 63
• WIDGET TITLE: Dropbox- Member activities
Figure 64
39
Integrate Dropbox Business
• WIDGET TITLE: Dropbox- Configuration changes
Figure 65