Privileged user audit controls
We would like to request a feature enhancement please to provide a new email alert to be triggered to a specified group of users when a global enterprise search is performed by a privileged Box admin user from the Box admin console.
We had an insider attack last year which included theft, abuse of privileges, credit card fraud and more. One of the methods he used was to perform enterprise level searches (credit cards, passports, drivers licences) across the whole Box environment.
Whilst we can manually look for these events via a report, this is far to slow to catch an incident in real time. Currently we are not able to close this gap unless we spend lots of time and effort integrating the search event to another SIEM product.
To take this a step further we would like to request an alert for when regular users access (view, download) Personal Identifiable Information (PII).
Kindly consider our enhancement request as part of your next release.