Integrate Dropbox Business - EventTracker€¦ · Integrate Dropbox Business • Once you click the .bat, you will get a pop up window as shown in below figure: Figure 7 • Pre-Integrator

Integrate Dropbox Business EventTracker v8.x and above

Publication Date: July 12, 2018

1

Integrate Dropbox Business

Abstract This guide provides instructions to configure a Dropbox Business to send its syslog to EventTracker Enterprise.

Scope The configurations detailed in this guide are consistent with EventTracker Enterprise version v8.x or above and Dropbox Business.

Audience Administrators who are assigned the task to monitor Dropbox Business events using EventTracker.

The information contained in this document represents the current view of EventTracker. on the issues discussed as of the date of publication. Because EventTracker must respond to changing market conditions, it should not be interpreted to be a commitment on the part of EventTracker, and EventTracker cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. EventTracker MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this paper may be freely distributed without permission from EventTracker, if its content is unaltered, nothing is added to the content and credit to EventTracker is provided.

EventTracker may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from EventTracker, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred.

© 2018 EventTracker Security LLC. All rights reserved. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

2


Table of Contents Abstract ................................................................................................................................................................................. 1

Scope ..................................................................................................................................................................................... 1

Audience ................................................................................................................................................................................ 1

Overview ............................................................................................................................................................................... 3

Prerequisites .......................................................................................................................................................................... 3

Integration of Dropbox Business with EventTracker Manager ............................................................................................. 3 Obtaining Access Token .................................................................................................................................................... 3

Integrating Dropbox with EventTracker ............................................................................................................................ 7

Verify Dropbox Integration in EventTracker ....................................................................................................................... 10 Verify generated credential csv ...................................................................................................................................... 10

Verify LFM configuration ................................................................................................................................................ 11

Verify whether the Task is created in Task Scheduler .................................................................................................... 13

EventTracker Knowledge Pack ............................................................................................................................................ 13 Category .......................................................................................................................................................................... 14

Alerts ............................................................................................................................................................................... 14

Knowledge Object ........................................................................................................................................................... 14

Flex Reports .................................................................................................................................................................... 15

Import Dropbox Business knowledge pack into EventTracker ........................................................................................... 21 Category .......................................................................................................................................................................... 22

Alerts ............................................................................................................................................................................... 23

Parsing Rule ..................................................................................................................................................................... 24


Flex Report ...................................................................................................................................................................... 27

Dashboard ....................................................................................................................................................................... 28

Verify Dropbox Business knowledge pack in EventTracker ................................................................................................ 31 Category .......................................................................................................................................................................... 31

Alerts ............................................................................................................................................................................... 31

Parsing Rule ..................................................................................................................................................................... 32


Flex Report ...................................................................................................................................................................... 34

Sample Flex Dashboards ..................................................................................................................................................... 35

3


Overview Dropbox can store and share files, collaborate on projects. Dropbox gets your files from a computer, phone, or tablet—changes you make from one device will automatically sync across all your devices. Send files to anyone, even if they don’t have a Dropbox account. Organize your company's files in one central place with Dropbox Business. Admin controls let you track team activity and secure access to shared data. Work the way you want—Dropbox integrates seamlessly with the tools you and your team use every day. Dropbox security features let you control exactly who gets access to your files, wipe data when you lose a device, and recover files if you need to.

EventTracker helps to monitor events from Dropbox Business. It’s knowledge object and flex reports will help you to analyze files added/downloaded, group/member, application and device activities and to monitor policy or configuration changes.

Prerequisites • EventTracker v8.x or above should be installed. • Dropbox for business should be configured. • PowerShell version 5 or above should be installed.

Integration of Dropbox Business with EventTracker Manager Obtaining Access Token To configure a Dropbox Business to forward logs to EventTracker,

• Access the Dropbox developer page(https://www.dropbox.com/developers/apps) and click on My apps option.

• Login page would appear, login to continue. • Click on Create app button as shown in the below image.

https://www.dropbox.com/developers/apps�

4


Figure 1

• Now under the heading Choose an API, choose Dropbox Business API. • Under Choose the type of access you need heading, select the option Team member file access. • Give an appropriate name to the app that you are creating as highlighted in the below image. • Click on Create app.

5


Figure 2

• Once app is created you will get a page as shown below: • Under the Settings tab, you will find a heading Generate Access Token, Click on Generate as

highlighted below:

6


Figure 3

• Once the Token is generated, make a note of it as it is required for the integration process in the further steps.

7


Figure 4

Integrating Dropbox with EventTracker • Download and apply the latest KP update from link given KP_Update_Link. • Click on Knowledge Updates option and click Download as shown in the below image.

https://www.eventtracker.com/support/software-updates/v9x/�

8


Figure 5

• Once downloaded the Dropbox integrator package can be found in %et_install_path%\Knowledge Packs\Dropbox.

• The Integrator package will be obtained in a Zip file format. Extract the files. A folder named Dropbox_Script will be present, it would contain files as show below.

Figure 6

• Right-click on the Dropbox_Integrator.bat and run as administrator to start the integration process.

9


• Once you click the .bat, you will get a pop up window as shown in below figure:

Figure 7

• Pre-Integrator window will show PowerShell version and OS version of the workstation. If PowerShell version in greater than 4 and OS version is greater than Windows 2008 server, click Next to proceed.

• If pre-requisites are not met, click on Upgrade button to update PowerShell to latest version. Update package will be downloaded and automatic restart will be performed.

• Once this is done another window would pop up as shown below:

Figure 8

• Enter the Access Token that was noted and generated earlier and click on OK. • Once clicked on OK , an authentication pop up window will appear asking for username and password

for Task Scheduling as shown below:

10


Figure 9

• Please enter your Administrator System Username and Password to proceed with the Task Scheduling.

• Click on OK to continue. • Configuration is now complete.

Verify Dropbox Integration in EventTracker Verify generated credential csv Once the script run is complete, the first thing that would be done is a DropboxConf.csv will be created in the same path where the script is present. Access Token that was entered will be present in the csv and also a folder DropBox will be created in it, as shown below:

11


Figure 10

Verify LFM configuration • Access the EventTracker Control Panel.

Figure 11

12


• Double click on EventTracker Agent Configuration and a window would appear as shown below. • Click on Logfile Monitor Tab. • Make sure the checkbox beside Logfile Monitor is checked. • Verify if the path added below is the correct one where the csv is present by click on View File details.

Figure 12

• Once that is done, go to the same folder where the script is present. You should find a folder created by the name DropBox.

13


• Within the folder you will find a Dropbox_Events.csv file present which confirms the integration is a success as shown below.

Figure 13

Verify whether the Task is created in Task Scheduler • Go to Start and open Task Scheduler to confirm if the scheduling action is created or not. • Below given image shows the Dropbox-Scheduler that is created for scheduling.

Figure 14

• Dropbox Integration is now completed with EventTracker to receive Dropbox Events.

EventTracker Knowledge Pack Once logs are received by EventTracker manager, knowledge packs can be configured into EventTracker.

The following Knowledge Packs are available in EventTracker Enterprise to support Dropbox Business.

14


Category • Dropbox- Login and logout activities- This category provides information related to all the login and

logout activities. • Dropbox- Login failures- This category provides information related to all the login failures that is

done on Dropbox console. • Dropbox- File and folder activities- This category provides information related to all the file and folder

activities such as add, delete, upload, download, comment, rename, edit etc. • Dropbox- Shared link activities- This category provides information related to all the shared link

activities such as created, removed and opened shared link. • Dropbox- Group activities- This category provides information related to all the Dropbox group

activities. • Dropbox- Member activities- This category provides information related to all the Dropbox member

activities. • Dropbox- Configuration changes- This category provides information related to all the configuration

changes that is done on Dropbox.

Alerts • Dropbox: Configuration changes: This alert is generated when any configuration changes are done. • Dropbox: Deleted files and folders: This alert is generated when any file or folder is deleted. • Dropbox: Downloaded files and folders: This alert is generated when any file or folder is downloaded. • Dropbox: Login failures: This alert is generated when any login failures are done.

Knowledge Object • Dropbox- Login and logout activities - This knowledge object will help us to analyze logs related to the

login and logout activities. • Dropbox- Login failures - This knowledge object will help us to analyze logs related to the login

failures that is done on Dropbox console. • Dropbox- File and folder activities - This knowledge object will help us to analyze logs related to the

file and folder activities such as add, delete, upload, download, comment, rename, edit etc. • Dropbox- Shared link activities - This knowledge object will help us to analyze logs related to the

shared link activities such as created, removed and opened shared link. • Dropbox- Group activities - This knowledge object will help us to analyze logs related to the to all the

Dropbox group activities. • Dropbox- Member activities - This knowledge object will help us to analyze logs related to the

Dropbox member activities.

15


• Dropbox- Configuration changes - This knowledge object will help us to analyze logs related to the configuration changes that is done on Dropbox.

Flex Reports • Dropbox- Login and logout activities- This report gives the information about all the login and logout

activities.

Figure 15

Logs Considered

Figure 16

• Dropbox- Login failures– This report gives the information about all the login failures that is done on Dropbox console.

16


Figure 17

Logs Considered

Figure 18

• Dropbox- File and folder activities-This report gives information about all the file and folder activities such as add, delete, upload, download, comment, rename, edit etc.

17


Figure 19

Logs Considered

Figure 20

• Dropbox- Shared link activities-This report gives information about all the shared link activities such as created, removed and opened shared link.

18


Figure 21

Logs Considered

Figure 22

• Dropbox- Group activities-This report gives information about all the Dropbox group activities.

Figure 23

19


Logs Considered:

Figure 24

• Dropbox- Member activities-This report gives information about all the Dropbox member activities.

Figure 25

20


Logs Considered:

Figure 26

• Dropbox- Configuration changes-This report gives information about all the configuration changes that is done on Dropbox.

Figure 27

21


Logs Considered:

Figure 28

Import Dropbox Business knowledge pack into EventTracker NOTE: Import knowledge pack items in the following sequence:

• Categories • Parsing Rules • Knowledge Objects • Flex Reports

1. Launch EventTracker Control Panel.

2. Double click Export Import Utility.

22


Figure 29

3. Click the Import tab.

Category

1. Click Category option, and then click the browse button.

Figure 30

23


2. Locate Category_Dropbox.iscat file, and then click the Open button.

3. To import categories, click the Import button.

EventTracker displays success message.

Figure 31

4. Click OK, and then click the Close button.

Alerts 1. Click Alert option, and then click the browse button.

Figure 32

24


2. Locate Alerts_Dropbox.isalt file, and then click the Open button. 3. To import alerts, click the Import button. 4. EventTracker displays success message.

Figure 33

Click the OK button, and then click the Close button.

Parsing Rule 1. Click Token Value option, and then click the browse button. 2. Locate the Tokens_Dropbox.istoken file, and then click the Open button.

Figure 34

25


3. Click the Import button to import the tokens. EventTracker displays success message.

Figure 35

Knowledge Object 1. Click Knowledge objects under Admin option in the EventTracker manager page.

Figure 36

2. Click on Import button as highlighted in the below image:

Figure 37

3. Click on Browse.

26


Figure 38

4. Locate the file named KO_Dropbox.etko.

5. Now select all the check box and then click on ‘Import’ option.

Figure 39

27


6. Knowledge objects are now imported successfully.

Figure 40

Flex Report On EventTracker Control Panel,

1. Click Reports option, and select new (etcrx) from the option

Figure 41

2. Locate the file named Reports_ Dropbox.etcrx, and select all the check box.

28


Figure 42

3. Click the Import button to import the reports. EventTracker displays success message.

Figure 43

Dashboard NOTE- Below steps given are specific to EventTracker 9 and later.

29


• Open EventTracker Enterprise in browser and logon.

Figure 44

• Navigate to My Dashboard option as shown above. • Click on the Import button as show below:

Figure 45

• Import dashboard file Dashboard_Dropbox.etwd and checkbox the dashboards that you require and click on Import as shown below:

30


Figure 46

• Import is now completed successfully.

Figure 47

31


Verify Dropbox Business knowledge pack in EventTracker Category

1. Logon to EventTracker Enterprise.

2. Click Admin dropdown, and then click Categories.

Figure 48

3. In Category Tree to view imported categories, scroll down and expand Dropbox Business group folder to view the imported categories.

Figure 49

Alerts 1. Logon to EventTracker Enterprise. 2. Click the Admin menu, and then click Alerts.

32


Figure 50

3. In the Search box, type ‘Dropbox, and then click the Go button. Alert Management page will display all the imported alerts.

Figure 51

4. To activate the imported alerts, select the respective checkbox in the Active column.

EventTracker displays message box.

Figure 52

5. Click OK, and then click the Activate Now button.

NOTE: Please specify appropriate systems in alert configuration for better performance.

Parsing Rule 1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Parsing rules.

33


Figure 53

2. Click on Parsing rules tab now as highlighted below, then choose Dropbox folder.

Figure 54

Knowledge Object 1. In the EventTracker Enterprise web interface, click the Admin dropdown, and then click Knowledge

Objects.

Figure 55

2. In the Knowledge Object tree, expand Dropbox Business group folder to view the imported Knowledge objects.

34


Figure 56

Flex Report 1. In the EventTracker Enterprise web interface, click the Reports menu, and then select Report

Configuration.

Figure 57

2. In Reports Configuration pane, select Defined option. 3. Click on the Dropbox Business group folder to view the imported Dropbox Business reports.

Figure 58

35


Sample Flex Dashboards • WIDGET TITLE: Dropbox- File and folder added activities

Figure 59

36


• WIDGET TITLE: Dropbox- File and folder deleted activities

Figure 60

37


• WIDGET TITLE: Dropbox- Login and logout

Figure 61

• WIDGET TITLE: Dropbox- Group activities

Figure 62

38


• WIDGET TITLE: Dropbox- Shared link activities

Figure 63

• WIDGET TITLE: Dropbox- Member activities

Figure 64

39


• WIDGET TITLE: Dropbox- Configuration changes

Figure 65

Documents

Integrate Dropbox Business - EventTracker€¦ · Integrate Dropbox Business • Once you click the .bat, you will get a pop up window as shown in below figure: Figure 7 • Pre-Integrator