Take action on user based on Threat Detection Shield Rule
Extending threat detection ALERTS to take action on a user's access would be very valuable. I've heard lots of customers request having a user's account deactivated if they access Box from a suspicious location. Right now, there is not a way to do this through the core Box application, it has to be done through custom scripting or with another tool.
Automatically logging user out from suspicious locations is on the roadmap for FY23.
AdminAnonymous (Admin, Box) commented
This would also be valuable for anomalous activity and downloads.
E.g. Admin can configure a specific threshold for anomalous downloads --> if a person downloads 1000% more sensitive information than normal, then we suspend their account until the Admin and/or Co-Admin and/or InfoSec team approves the activity.