Events API - Add Policy Name to CONTENT_WORKFLOW_UPLOAD_POLICY_VIOLATION
Currently, when an Upload Policy violation occurs, Box reports on that violation in 3 ways:
1. Email notification
2. Admin Console -> Reports tab
3. Events API
In the email notification and admin console->reports, Box provides the policy name for which the violation is occurring. However, Box does NOT include the policy name in the Events API entry, which causes a problem when we are pulling logs (via the Events API) into external reporting/SIEM tools like ArcSight/Splunk.
Request: Add 'Policy Name' to the CONTENTWORKFLOWUPLOADPOLICYVIOLATION entry in the Events API (to reach parity with the native Admin Console reports).
Admindaphnezhao (Admin, Box) commented
Policy name may have changed over time. Or a different policy may take the name with the original one being deleted. Guess simply adding policy name is not sufficient. We will need at least last updated time, last updated by as well. Need to discuss with multiple teams on this.