Skip to main content

Looking for an enterprise-level Box user to help solve a puzzle!

Anybody have have experience using Netwrix, Spirion, BigID, or Purview to scan a Box instance for sensitive information?   

As an Information Governance and Records Management consultant, I work with large organizations managing massive data volumes (10+ PB). Many of them store 50+ TB in Box.

Our clients need a tool that can scan a Box repository and identify PII, PHI, PCI, and other risky content, and generate a report.

I'm aware Box offers a proactive real-time monitoring for detection/classification—I'm just looking for a reporting solution that can scan the content and provide reports (ideally with the capability to do incremental scans after that).  

Any ideas?  Thanks in advance for your help and support!


Hi ​@JeffPhillips 👋 Welcome to the Box Community! Great to see you here. 🤗

I believe the Classification report would do this. If you've defined a classification that you would use to identify that data, and then created a classification policy to apply that classification when a file contains that data type, you could run a report and filter on that specific classification. And then schedule that report to run on a frequency you choose.

A classification policy isn't for running ad hoc scans, but for continuous monitoring and for applying classifications when appropriate at any of a number of defined content events, which can be for an organization's entire content set.

Have a great day! 😊
