Story
Resolution: Unresolved
Overview:
Users must be able to filter file activity based on process details: Process Name, Process Ancestor, Process Arguments, and Process UID. These criteria already exist in the deployment policyCriteriaDescriptors under the PROCESS_ACTIVITY category but are not available in the nodeEventDescriptor. They need to be added to both deployment file activity and node event contexts, with the constraint that process criteria cannot be used alone and must be paired with file activity criteria.
Implementation Details:
Add Process Name, Process Ancestor, Process Arguments, and Process UID descriptors to nodeEventDescriptor. Ensure the policy wizard validates that process criteria are only used alongside file activity criteria (File Path or File Operation). This may require validation logic in the policy wizard step or backend validation.
Acceptance Criteria:
- Process Name, Process Ancestor, Process Arguments, and Process UID are available as criteria when creating Node event policies
- Process criteria can be combined with File Path and File Operation in a single policy section
- Policy cannot be saved with only process criteria and no file activity criteria
- Combined criteria policy (e.g., path + operation + process name) triggers correct violations
Files to Update:
1. apps/platform/src/Containers/Policies/Wizard/Step3/policyCriteriaDescriptors.tsx:1653-1676 - nodeEventDescriptor
2. Policy wizard validation (TBD based on where validation is enforced)
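One way the pairing rule could be checked, as an added example that is not code from the project. The criteria names come from this ticket; the section/group shape, the function name `validateProcessCriteriaPairing`, the per-section scope of the check, and the sample values are assumptions.

```typescript
// Added example: the types and names below are hypothetical, not the project's own.
type PolicyGroup = { fieldName: string; values: { value: string }[] };
type PolicySection = { sectionName: string; policyGroups: PolicyGroup[] };

const PROCESS_FIELDS = ['Process Name', 'Process Ancestor', 'Process Arguments', 'Process UID'];
const FILE_ACTIVITY_FIELDS = ['File Path', 'File Operation'];

// A group counts as a criterion only if it has at least one non-blank value,
// so an empty "File Path" row left in the wizard does not satisfy the rule.
function hasValue(group: PolicyGroup): boolean {
    return group.values.some(({ value }) => value.trim() !== '');
}

// Returns one message per section that uses process criteria without any
// file activity criterion. An empty array means the policy may be saved.
function validateProcessCriteriaPairing(sections: PolicySection[]): string[] {
    const errors: string[] = [];
    sections.forEach((section, index) => {
        const populated = section.policyGroups.filter(hasValue);
        const processFields = populated
            .map((group) => group.fieldName)
            .filter((name) => PROCESS_FIELDS.indexOf(name) !== -1);
        const hasFileActivity = populated.some(
            (group) => FILE_ACTIVITY_FIELDS.indexOf(group.fieldName) !== -1
        );
        if (processFields.length > 0 && !hasFileActivity) {
            const label = section.sectionName || `Section ${index + 1}`;
            errors.push(`${label}: ${processFields.join(', ')} requires File Path or File Operation`);
        }
    });
    return errors;
}

// Constructed sample sections (values are illustrative only).
const combinedSection: PolicySection = {
    sectionName: 'combined',
    policyGroups: [
        { fieldName: 'File Path', values: [{ value: '/etc/passwd' }] },
        { fieldName: 'Process Name', values: [{ value: 'sh' }] },
    ],
};
const processOnlySection: PolicySection = {
    sectionName: 'process-only',
    policyGroups: [{ fieldName: 'Process Name', values: [{ value: 'sh' }] }],
};
const blankPathSection: PolicySection = {
    sectionName: '',
    policyGroups: [
        { fieldName: 'File Path', values: [{ value: '  ' }] },
        { fieldName: 'Process UID', values: [{ value: '0' }] },
    ],
};
```

The same check would need to run in backend validation as well if policies can be created without going through the wizard.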
Blocked by: