Merge branch 'main' of github.com:box/developer.box.com into staging

Author: anastasiaberyoza

content/guides/events/event-triggers/shield-alert-events.md

@@ -27,6 +27,7 @@ The possible alerts produced by Shield are for:
 2. Suspicious sessions
 3. Anomalous downloads
 4. Malicious content
+5. Ransomware activity (part of Shield Pro)
 
 All Shield threat detection alert events are produced within the
 [enterprise event][events] stream. These events follow the
@@ -339,6 +340,76 @@ The `additional_details` payload will provide the following details:
 }
 ```
 
+### Ransomware activity alert
+
+<!--alex ignore-->
+
+A ransomware activity alert is produced when Box Shield identifies suspicious file extensions that may be indicative of a ransomware attack. It can be identified by the Ransomware Activity value within `additional_details.shield_alert.rule_category`. 
+
+The `additional_details` payload will provide the following details:
+
+<!--alex enable-->
+
+```json
+{
+  "source": null,
+  "created_by": {
+    "type": "user",
+    "id": "2",
+    "name": "Unknown User",
+    "login": ""
+    },
+    "action_by": null,
+    "created_at": "2025-08-19T10:44:26-07:00",
+    "event_id": "5b508973-0e48-4bc1-80b2-a05b5382eb37",
+    "event_type": "SHIELD_ALERT",
+    "ip_address": "1.2.3.4",
+    "type": "event",
+    "session_id": null,
+    "additional_details": {
+      "shield_alert": {
+        "rule_category": "Ransomware Activity",
+        "rule_id": "1234",
+        "rule_name": "Ransomware Detection",
+        "rule_response_action": null,
+          "risk_score": 100,
+          "alert_summary": {
+          "total_files_affected": 42,
+          "ip_details": [
+            {
+             "ip": "1.2.3.4",
+             "registrant": "Microsoft Corporation",
+             "latitude": "37.5555",
+             "longitude": "-120.6789",
+             "city_name": "San Jose",
+             "region_name": "California",
+             "country_code": "US"
+            }
+           ],
+           "suspicious_file_extensions": [
+            "lockbit"
+           ],
+           "anomaly_period": {
+            "date_range": {
+             "start_date": "2009-02-13T23:31:30Z",
+             "end_date": "2009-02-13T23:31:30Z"
+            }
+          }
+        },
+        "alert_id": 1234,
+        "priority": "medium",
+        "user": {
+         "id": 8167630149,
+         "name": "Some user",
+         "email": "[email protected]"
+        },
+        "link": "https://app.box.com/master/shield/alerts/1234",
+        "created_at": "2025-08-19T10:44:26-07:00"
+     }
+   }
+}
+```
+
 <!-- i18n-enable localize-links -->
 [box-shield]: https://www.box.com/shield
 [threatdetect]:https://support.box.com/hc/en-us/articles/360044196113-Using-Threat-Detection

package.json

@@ -56,15 +56,15 @@
   "dependencies": {
     "@apidevtools/json-schema-ref-parser": "^11.7.2",
     "alex": "^11.0.1",
-    "axios": "^1.7.8",
+    "axios": "^1.12.0",
     "comment-json": "^4.2.5",
     "concurrently": "^9.1.0",
     "dot-prop": "^9.0.0",
     "esm": "^3.2.25",
     "fs-extra": "^11.2.0",
     "glob": "8.1.0",
     "jest": "^29.7.0",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
     "jsonpath": "^1.0.2",
     "markdown-spellcheck": "^1.3.1",
     "markdownlint-cli": "^0.41.0",

yarn.lock

@@ -1103,13 +1103,13 @@ asynckit@^0.4.0:
   resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"
   integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==
 
-axios@^1.7.8:
-  version "1.9.0"
-  resolved "https://registry.yarnpkg.com/axios/-/axios-1.9.0.tgz#25534e3b72b54540077d33046f77e3b8d7081901"
-  integrity sha512-re4CqKTJaURpzbLHtIi6XpDv20/CnpXOtjRY5/CU32L8gU8ek9UIivcfvSWvmKEngmVbrUtPpdDwWDWL7DNHvg==
+axios@^1.12.0:
+  version "1.12.0"
+  resolved "https://registry.yarnpkg.com/axios/-/axios-1.12.0.tgz#11248459be05a5ee493485628fa0e4323d0abfc3"
+  integrity sha512-oXTDccv8PcfjZmPGlWsPSwtOJCZ/b6W5jAMCNcfwJbCzDckwG0jrYJFaWH1yvivfCXjVzV/SPDEhMB3Q+DSurg==
   dependencies:
     follow-redirects "^1.15.6"
-    form-data "^4.0.0"
+    form-data "^4.0.4"
     proxy-from-env "^1.1.0"
 
 babel-jest@^29.7.0:
@@ -1811,7 +1811,12 @@ es-set-tostringtag@^2.1.0:
     has-tostringtag "^1.0.2"
     hasown "^2.0.2"
 
-escalade@^3.1.1, escalade@^3.2.0:
+escalade@^3.1.1:
+  version "3.1.1"
+  resolved "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz"
+  integrity sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==
+
+escalade@^3.2.0:
   version "3.2.0"
   resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.2.0.tgz#011a3f69856ba189dffa7dc8fcce99d2a87903e5"
   integrity sha512-WUj2qlxaQtO4g6Pq5c29GTcWGDyd8itL8zTlipgECz3JesAiiOKotd8JU6otB3PACgG6xkJUyVhboMS+bje/jA==
@@ -2041,10 +2046,10 @@ form-data-encoder@^2.1.2:
   resolved "https://registry.yarnpkg.com/form-data-encoder/-/form-data-encoder-2.1.4.tgz#261ea35d2a70d48d30ec7a9603130fa5515e9cd5"
   integrity sha512-yDYSgNMraqvnxiEXO4hi88+YZxaHC6QKzb5N84iRCTDeRO7ZALpir/lVmf/uXUhnwUr2O4HU8s/n6x+yNjQkHw==
 
-form-data@^4.0.0:
-  version "4.0.3"
-  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.3.tgz#608b1b3f3e28be0fccf5901fc85fb3641e5cf0ae"
-  integrity sha512-qsITQPfmvMOSAdeyZ+12I1c+CKSstAFAwu+97zrnWAbIr5u8wfsExUzCesVLC8NgHuRUqNN4Zy6UPWUTRGslcA==
+form-data@^4.0.4:
+  version "4.0.4"
+  resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.4.tgz#784cdcce0669a9d68e94d11ac4eea98088edd2c4"
+  integrity sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==
   dependencies:
     asynckit "^0.4.0"
     combined-stream "^1.0.8"
@@ -3098,10 +3103,10 @@ js-yaml@^3.10.0, js-yaml@^3.13.1:
     argparse "^1.0.7"
     esprima "^4.0.0"
 
-js-yaml@^4.1.0:
-  version "4.1.0"
-  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602"
-  integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==
+js-yaml@^4.1.0, js-yaml@^4.1.1:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.1.tgz#854c292467705b699476e1a2decc0c8a3458806b"
+  integrity sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==
   dependencies:
     argparse "^2.0.1"