How Splunk Works with UBbox

Learn how Splunk works with UBbox, and how to gain access.

When a restricted data folder is approved and provisioned, monitoring via Splunk is also established and access to Splunk is given to the restricted data stewards or their designees/data users. UBIT provides data stewards with a default monitoring configuration consisting of a Splunk dashboard and set of email alerts.  

It is the restricted data steward's responsibility to use the Splunk monitoring provided to insure security of restricted data.  The data steward may modify the monitoring configuration, but modification must be approved by the security/privacy official associated with the restricted data.

Splunk logs all access to sensitive data.  For each access event, the minimum following information will be logged:

  • The UBITName that accessed the data
  • Name of the folder or file accessed
  • Date & time of the access
  • Client IP
  • Action taken on restricted data folder or file

The following restricted data access events will be logged and will produce alerts (email) sent to the data stewards and security/privacy officials:

  • A collaboration invitation was issued for a folder 
  • Data from a folder was downloaded
  • A subfolder was created with a name that doesn't follow proper naming protocol

Access to Splunk

Access to Splunk is provided by CIT upon approval for storing restricted data in Box and when the restricted data folder is established. Credentials are UBITName and password.  Each data steward will be provided their own dashboard.