Skip to main content

Dropbox Event Collector

This Integration is part of the Dropbox Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Collect events from Dropbox's logs. This integration was integrated and tested with version 2 of Dropbox API

Configure Dropbox Event Collector on Cortex XSIAM#

  1. Navigate to Settings > Configurations > Automation and Feed Integrations.

  2. Search for Dropbox Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    Server URLThe endpoint to get the logsTrue
    App KeyThe App keyTrue
    App SecretThe App secretTrue
    First fetch in timestamp formatFirst fetch in timestamp format (<number> <time unit>, e.g., 12 hours, 7 days)False
    The maximum number of events per fetchFalse
    Trust any certificate (not secure)False
    Use system proxy settingsFalse
  4. Run the !dropbox-auth-start command to test the connection and the authorization process.

Commands#

You can execute these commands from the Cortex XSIAM War Room, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

dropbox-auth-start#


Starts the authentication.

Base Command#

dropbox-auth-start

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

dropbox-auth-complete#


Completes the authentication.

Base Command#

dropbox-auth-complete

Input#

Argument NameDescriptionRequired
codeThe code that returns from Dropbox.Required

Context Output#

There is no context output for this command.

dropbox-auth-test#


Tests the authentication.

Base Command#

dropbox-auth-test

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

dropbox-auth-reset#


Resets the authentication.

Base Command#

dropbox-auth-reset

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

dropbox-get-events#


Get events.

Base Command#

dropbox-get-events

Input#

Argument NameDescriptionRequired
limitThe maximum events to fetch. Default is 500.Optional
should_push_eventsSet this argument to true to create events, otherwise the command will only display them. Possible values are: true, false. Default is false.Required
fromFetch events from this time (<number> <time unit>, e.g., 12 hours, 7 days). Default is 3 days.Optional

Context Output#

There is no context output for this command.

Command example#

!dropbox-get-events should_push_events='false' limit=3

Human Readable Output#

Dropbox logs#

ActorContextDetailsEvent _ CategoryEvent _ TypeInvolve Non Team _ MemberOriginTimestamp
.tag: admin
admin: {".tag": "team_member", "account_id": "123456", "display_name": "John Smith", "email": "JohnSmith@example.com", "team_member_id": "111111"}
.tag: team_member
account_id: 123456
display_name: John Smith
email: JohnSmith@example.com
team_member_id: 111111
.tag: member_change_status_details
previous_value: {".tag": "not_joined"}
new_value: {".tag": "active"}
action: {".tag": "team_join_details", "linked_apps": [], "linked_devices": [], "linked_shared_folders": [], "has_linked_apps": false, "has_linked_devices": true, "has_linked_shared_folders": false}
.tag: members.tag: member_change_status
description: Changed member status (invited, joined, suspended, etc.)
falsegeo_location: {"city": "Tel Aviv", "region": "Tel Aviv", "country": "IL", "ip_address": "1.1.1.1"}
access_method: {".tag": "end_user", "end_user": {".tag": "web", "session_id": "222222"}}
2022-05-16T11:34:29Z
.tag: admin
admin: {".tag": "team_member", "account_id": "123456", "display_name": "John Smith", "email": "JohnSmith@example.com", "team_member_id": "111111"}
.tag: team_member
account_id: 123456
display_name: John Smith
email: JohnSmith@example.com
team_member_id: 111111
.tag: member_change_admin_role_details
new_value: {".tag": "team_admin"}
previous_value: {".tag": "member_only"}
.tag: members.tag: member_change_admin_role
description: Changed team member admin role
falsegeo_location: {"city": "Tel Aviv", "region": "Tel Aviv", "country": "IL", "ip_address": "1.1.1.1"}
access_method: {".tag": "end_user", "end_user": {".tag": "web", "session_id": "222222"}}
2022-05-16T11:34:29Z
.tag: admin
admin: {".tag": "team_member", "account_id": "123456", "display_name": "John Smith", "email": "JohnSmith@example.com", "team_member_id": "111111"}
.tag: team.tag: member_send_invite_policy_changed_details
new_value: {".tag": "everyone"}
previous_value: {".tag": "specific_members"}
.tag: team_policies.tag: member_send_invite_policy_changed
description: Changed member send invite policy for team
falsegeo_location: {"city": "Tel Aviv", "region": "Tel Aviv", "country": "IL", "ip_address": "1.1.1.1"}
access_method: {".tag": "end_user", "end_user": {".tag": "web", "session_id": "222222"}}
2022-05-16T11:34:33Z