Skip to main content
Your Security Logs keep track of changes made to settings in your Admin Console. Run a Security Logs report to see what settings have been changed within a given time period, and who made said changes. This report can be useful for monitoring the actions of a Co-Admin or multiple administrators, as well as keeping track of your enterprise settings. You must define filters for the Security Logs report and select at least one Action Type (event) before you can run it. See Security Logs Report Filters and Security Logs Report Action Types for more information.

Security Logs report details

  • File format: Microsoft Excel spreadsheet (.xslx) file (which can typically be opened and viewed in other spreadsheet applications)
  • Filename format:security_logs_run_on_YYYY-MM-DD__HH-MM-SS-[A|P]M.xlsx
  • Folder name format: n/a, each report run is placed in the Box Reports root folder
  • Filename time zone: the local date and time of the admin who ran the report or who set up the report schedule.

Security Logs report data columns

The Security Logs report contains the following data:
Data ColumnDescription
Date/TimeThe date and time, in the local time of the admin who ran the report or who set up the report schedule, of the change, in the user’s local time zone.
Email AddressThe email address of the user who made the change, from the value in the Email field in User Account Details.
User IPThe IP address of the computer or device from which the change was initiated.
CategoryThe section (left nav item) or subsection (tab) in which the change was made.
SettingThe name of the setting that was changes.
FromThe value of the setting prior to the change.
Changed ToThe value of the setting after the change.

Security Logs report filters

Users or GroupsOptional. Enter one or more names of managed users or of user groups to limit the Security Logs report to activities of those users.
Start DateOptional. Defines the start date for change activity in the report. If omitted, the report can go back as far as 7 years, or as long as you have had an account tariff with reporting access.
End DateOptional. Defines the end date for change activity in the report. If omitted, the report will end with activities up to the current date.

Security Logs report action types

Security Logs reports contain data about actions, sometimes described as events, your admins take in Box. The Action Types section is where you select which admin setting actions you want to include in the Security Logs report. Select the check box for:
  • Select All to include all admin settings
  • An Action Type category to select all of the admin settings in that type
  • Any individual admin setting
At least one Action Type must be selected to run a Security Logs report.
(Change) Action TypeLocation

 

Device Protection

Enabled Device TrustEnterprise Settings > Device Protection > Device Trust >
Create Policy
This event is triggered when the first policy is created.
Disabled Device TrustEnterprise Settings > Device Protection > Device Trust >
<Policy details> > Delete
This event is triggered when the last policy is deleted.
Added new Device Trust policyEnterprise Settings > Device Protection > Device Trust >
Create Policy
Removed Device Trust policy Enterprise Settings > Device Protection > Device Trust >
<Policy details> > Delete
Updated Device Trust policyEnterprise Settings > Device Protection > Device Trust >
<Policy details> > Save
Device pinningEnterprise Settings > User Settings > New User Default Settings > Device pinning
Box phone application limitEnterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Phone Application
Box Sync limitEnterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Sync
Box tablet application limitEnterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Tablet Application
Notify admin on phone app activationEnterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Phone Application
Notify admin on sync activationEnterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Sync
Notify admin on tablet app activationEnterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Box Tablet Application
Notify admin on third-part app activationEnterprise Settings > Device Protection > Application Settings > Enable Device Pinning > Browsers and Other Applications
Created connection with CrowdStrike Falcon platformEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations
CrowdStrike Falcon Platform remediation addedEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Remediation actions
CrowdStrike Falcon Platform remediation updatedEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Remediation actions
CrowdStrike Falcon Platform remediation removedEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Remediation actions
CrowdStrike Falcon Platform connection removedEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations
CrowdStrike Falcon Platform monitoring mode enabledEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Enforcement Action
CrowdStrike Falcon Platform monitoring mode disabledEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations > Enforcement Action
CrowdStrike Falcon Platform contact email addedEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations > IT Help Email
CrowdStrike Falcon Platform contact email updatedEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations > IT Help Email
CrowdStrike Falcon Platform contact email removedEnterprise Settings > Device Protection > Endpoint Detection and Response Integrations > IT Help Email

 

Integrations

Added Platform AppIntegrations> Platform Apps Manager > Add Platform App
Changed Integration Additional ConfigurationIntegrations> Box Integrations & Clients > Individual Integration Controls > Configure > Additional Configuration
Changed Integration StatusIntegrations> Box Integrations & Clients > Individual Integration Controls > Status
Changed Box Drive Mark For Offline FeatureIntegrations> Box Integrations & Clients > Box Drive - Mark for Offline
Changed Box and Microsoft Office Co-Authoring featureIntegrations> Box Integrations & Clients > Individual Integration Controls > Box for Office Online > Configure
Changed Platform App Authorization StatusIntegrations> Platform Apps Manager > Server Authentication App > Authorize/Reauthorize Platform App
Changed Platform App Enablement StatusIntegrations> Platform Apps Manager > Server Authentication App > Disable/Enable Platform App
Integrations> Platform Apps Manager > User Authentication App > Disable/Enable Platform App
Changed Disable integrations by defaultIntegrations> Box Integrations & Clients > Global Integration Settings > Disable integrations by default
Changed Disable Platform Apps by defaultIntegrations> Platform Apps Manager > Platform App Settings > Disable Platform Apps by default
Changed Require manual Admin authorization for Limited Access Platform AppsIntegrations > Platform Apps Manager > Platform App Settings > Require manual Admin authorization for Limited Access Platform Apps
Changed Require web integrations to use secure connections (SSL)Integrations> Box Integrations & Clients > Global Integration Settings > Require web integrations to use secure connections (SSL)

 

Content and Sharing

Allow users to modify auto-deletion 
Block ownership transfer to external usersEnterprise Settings > Content & Sharing > Collaborating on Content > Restrict Ownership Transfer
Required auto-deletion 
Required auto-deletion at file level 
Required auto-deletion at folder level 
Allow users to modify shared link expirationEnterprise Settings > Content & Sharing > Auto-Expiration > Allow owners and editors to modify the expiration date
Notify users before shared link expirationEnterprise Settings > Content & Sharing > Auto-Expiration > Notify owners a specified time before expiration
Shared link expiration at file levelEnterprise Settings > Content & Sharing > Auto-Expiration > Apply these settings to 
Shared link expiration at folder levelEnterprise Settings > Content & Sharing > Auto-Expiration > Apply these settings to 
Expire collaborations from all domainsEnterprise Settings > Content & Sharing > Collaborating on Content > External collaboration
Require collaboration expirationEnterprise Settings > Content & Sharing > Auto-Expiration > Invited collaborators expiration settings
Allow users to modify collaboration expirationEnterprise Settings > Content & Sharing > Auto-Expiration > Invited collaborators expiration settings > Allow folder owners to extend the expiration date
Delete from trash accessEnterprise Settings > Content & Sharing > Trash > People who can permanently delete content in Trash
Automatically delete from trashEnterprise Settings > Content & Sharing > Trash > Items in Trash are automatically deleted after
Enable content analysis menu on files page 
Enable tag filtering menu on files pageEnterprise Settings > Content & Sharing > Content Creation
Prevent first-level content creationEnterprise Settings > Content & Sharing > Content Creation > Restrict content creation
Added domain to Collaboration AllowlistEnterprise Settings > Content & Sharing > Collaborating on Content > External collaboration > Limit collaboration to allowlisted domains
Disable collaboration invite linksEnterprise Settings > Content & Sharing > Collaborating on Content > Enable invite links
Enable inviting group collabs to foldersEnterprise Settings > Content & Sharing > Collaborating on Content > Enable group invites
External collaboration statusEnterprise Settings > Content & Sharing > Collaborating on Content > External collaboration 
Removed domain from Collaboration AllowlistEnterprise Settings > Content & Sharing > Collaborating on Content > External collaboration > Limit collaboration to allowlisted domains
Restrict external collaboratorsEnterprise Settings > Content & Sharing > Collaborating on Content > External collaboration
Restrict external collaborators from inviting other external collaboratorsEnterprise Settings > Content & Sharing > Collaborating on Content > External collaboration
Restrict invitesEnterprise Settings > Content & Sharing > Collaborating on Content > Restrict invites
Disable Custom URLsEnterprise Settings > Content & Sharing > Custom Shared Links > Allow custom shared link URLs for links with public access
  • When an Admin enables the Allow custom charted link URLs for links with public access setting, which means they are not disabling custom URLs, the event in the report contains the value enabled in the From column and the value disabled in the Changed To column.
  • When an Admin disables the Allow custom charted link URLs for links with public access setting, which means they are disabling custom URLs, the event in the report contains the value disabled in the From column and the value enabled in the Changed To column.
External link availabilityEnterprise Settings > Content & Sharing > Shared Links > Allow shared links for
Hide custom domain in shared linksEnterprise Settings > Content & Sharing > Custom Shared Links > Show your custom domain in shared link URLs
Shared link accessEnterprise Settings > Content & Sharing > Shared Links > Allow shared links for
Shared links editEnterprise Settings > Content & Sharing > Shared Links > Edit the shared item
Shared links downloadEnterprise Settings > Content & Sharing > Shared Links > Links viewers can
Shared links previewEnterprise Settings > Content & Sharing > Shared Links > Links viewers can
Changed G Suite Beta feature 
Changed Metadata - Folder Level Metadata & Cascade FeatureEnterprise Settings > Content & Sharing > File Request > Configure Users
Enable EID checking for company shared linksEnterprise Settings > Content & Sharing > Shared Link > Allow shared links for > Definition of Company > Enterprise ID [only available to some enterprises]
Change shared link expiration for public links 
Allow for email uploads 
Changed File Request FeatureEnterprise Settings > Content & Sharing > Forms > Configure Users
Enable File Request Required Login 
Change File Request Allowed Editors 
Changed Feed Feature 
Changed Form User EnablementEnterprise Settings > Content & Sharing > Forms
Changed Form Require Login SettingsEnterprise Settings > Content & Sharing > Forms
Changed Form Branding Default SettingsEnterprise Settings > Content & Sharing > Forms
Changed Form Folder PermissionsEnterprise Settings > Content & Sharing > Forms
Changed Form Branding User EnablementEnterprise Settings > Content & Sharing > Forms
Changed Collections feature 
Changed Workflow Relay User Enhancement 
Changed Workflow Relay Allow Editors as Builders 
Enable Relay Users to Publish Custom Templates 
Changed Content Automation Doc Gen User Enablement 

 

Custom Set Up

Disable Box Logo on HTML Embed Widget 
Text updated for Terms of Service for external users 
Text updated for Terms of Service for managed users 
Use Custom Terms of Service for external users 
Use Custom Terms of Service for managed users 

 

Executed Agreements

Box Master Beta Agreement Signed 
Skills Addendum Signed 
G Suite Beta Agreement Signed 
Microsoft Third Party Beta Agreement Signed 

 

Mobile

Disable Files functionality for iOS 12.0 or below (Box EMM)Enterprise Settings > Mobile > User Permissions for Box Mobile Application

 

Notifications

Archive Activities 
Archive Comments 
Archive Emails 
Archive Invitations 
Archive Tasks 
Email Archive Location 
Enable Notification EmailEnterprise Settings > Notifications > Email Notifications > Allow all users to receive Box notifications at an alternate notification email address
Enable User Update Notification EmailEnterprise Settings > Notifications > Email Notifications > Allow all users to change their notification email
Changed Message Center Feature 

 

Security

Enable or disable regular FTPAs of November 20, 2024, Box no longer provides this event.
Enable strong password for external collaborators 
Login verification 
Tracking for enterprise 
Tracking for individual 
Disable “Keep me signed in” 
Disallow users change email 
Failed login threshold 
Notify admin on user creation 
Forget password 
Normal password changeEnterprise Settings > Security > Password Requirements > Password changes > Notify admins when users change passwords in Settings
Global reset 
Password history 
Password reset frequency 
Allow known weak passwords 
Minimum numeric characters 
Minimum password length 
Minimum special characters 
Require uppercase 
Session length 
Allow users to sign up on their own 
Changed Shield Trial Setting 
Initiated SSO Connection Request 
Changed SSO Test Mode Setting 
Added New SSO Verification Certificate 
Removed SSO Verification Certificate 
Scheduled enforcement of two factor authentication for external collaborators 
Disabled two factor authentication for external collaborators 
Two factor authentication for external collaboration enforcement complete 
Two factor authentication for external collaboration enforcement failed 
Changed configuration for two factor authentication for external collaborators 

 

Sign

Changed Sign User Enablement 
Changed Sign Users Can Create Templates 
Enabled Sign Disclosure 
Changed Sign Disclosure Type 
Changed Sign Enterprise-Specific Disclosure Text 

 

User Settings

Default user contact view-ability 
Default user sync availability 
Default user login activity exemption