Dropbox

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: Dropbox, Google Drive, OneDrive, etc

Connecting Dropbox Data Source

1. Login to your LightBeam Instance.

2. Click on DATASOURCES on the Top Navigation Bar.

3. Click on “Add a data source”.

1. Search for “Dropbox”.

1. Click on Dropbox.

1. Fill in the requested information and click on Next.

Basic Information

1. Data Source Name: This is the unique name given to the data source.

2. Description: This is an optional field needed to describe the use of this data source.

3. Primary Owner: Email address of the person responsible for this data source which will get alerts by default.

4. Entity Creation: LightBeam Spectra detects and associates attributes based on the context and identifies whose data it is; these are called entities. Example: Jane Doe is an entity for whom LightBeam Spectra might have detected Name and SSN in a monitored data source.

5. Source of Truth: LightBeam Spectra would have monitored data sources that contain data acting as a single point of truth and that can be used for looking up entities/attributes which help to identify if the other attributes/entities found in any other data source are accurate or not. A Source of Truth data set would create entities based on the attributes found in the data.

6. Location: The location of the data source.

7. Purpose: The purpose of the data being collected/processed.

8. Stage: The stage of the data source. Example: Source, Processing, Archival, etc.

OAuth Token:

a. Select the "OAuth Token" option. b. Click the "Get Access Code" link.

If you are not already logged in, a login page will pop up.

Once you are logged in, you will see a warning message. Click Continue.

c. On the authorization page, review the permissions requested by LightBeam. Click "Allow" to approve.

d. Copy the provided App Access Code.

e. Return to LightBeam and paste the code into the "App Access Code" field. And click on Test Connection.

Verify that you get the message Connection Success! on the screen. Click on Next. Go to 8. Scan Settings

Direct Login

To use the direct login method:

a. Select the "Direct Login" option. b. Enter your Dropbox login credentials directly into the provided fields and click on Test Connection.

c. Verify that you get the message Connection Success! on the screen. Click on Next.

8. Scan Settings

In this step,

Choose one of two scan setting options:

i) Scan All

ii) Scan Selected

To choose option (i), select Scan All, and click on Save.

To choose option (ii), select Scan Selected. Now enter the emails of the members that you would like to include for scanning in the Search box individually.

Select the drives by ticking the checkboxes next to them.

Click on Save.

Appendix

The steps to generate an App key and Refresh Token for your scoped app in Dropbox are given below, so you can connect Dropbox as a data source in LightBeam for retrieving customer-sensitive information.

Create a Dropbox-scoped App

2. Enter details for the scoped app in the App Console.

Define App Permissions

1. Under the app Permission Type, launch Scoped Apps and specify the below permissions

Permissions Scope

The following outlines the necessary permissions for both individual and team scopes:

1. Individual Scope

• Files and Folders:

  • files.metadata.read - Read metadata of files and folders.

  • files.content.read - View content within files and folders.

1. Team Scope

• Team Information:

  • team_info.read - Access basic information about your team, including names, user count, and settings.

• Team Data:

  • team_data.member - Access team member data.

  • team_data.governance.write - Edit governance policies for your team's files and folders.

  • team_data.governance.read - View governance policies of your team's files and folders.

  • team_data.content.read - Access content within your team's files and folders.

  • files.team_metadata.read - View metadata for your team's files and folders.

• Members:

  • members.read - View team membership details.

  • groups.read - View group memberships within your team.

• Session and Activity:

  • sessions.list - View sessions, devices, and apps used by your team.

  • events.read - Access your team's activity log.

1. After specifying the required permissions, click Submit to save the configurations.

Copy App Key and App Secret

a. Under app settings, note the App key to be used in retrieving the Refresh Token and when adding Dropbox as a data source to LightBeam.

b. Locate the App secret below the App key. Click "Show" to reveal it.

c. Copy and paste both the keys for use with the Direct Login option.

Specify OAuth Settings

Under app settings, specify the following parameters:

• Allow public client for OAuth 2.0 PKCE flow

Retrieve Refresh Token

Prerequisites for All Platforms (Unix/Linux/Mac/Windows)

1. Install Python3

2. Install pip Package Manager:

1. Install Dropbox Package:

   Use pip to install the Dropbox package dependency:

pip install dropbox

1. Download the Script:

   Download the script for generating the Refresh Token to your local machine.

2. Export APP_KEY

export APP_KEY=<YOUR_APP_KEY>

1. Run the Script:

• Execute the script by navigating to its directory and running:

  Copy

  python dropbox_refresh_token.py

1. Authorize and Retrieve the Refresh Token:

• Follow the script's instructions to obtain an authorization code.

• This involves copying the provided authorization URL into your browser.

• Click "Continue" on the webpage.

• Grant the listed permissions to your scoped app by selecting Allow.

• Copy the Authorisation Code from the browser and input it into your script

1. Copy the Refresh Token to use for adding Dropbox as a data source to LightBeam.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.