Security alert monitoring
Security alert monitoring identifies and addresses potential threats in your Pega Platform™ application. Configure alerts to track suspicious activities and maintain compliance with organizational security policies.
Pega Platform logs security alerts when it detects conditions that may indicate a security incident. These alerts are recorded in the ALERTSECURITY log file when the server's security is at risk. For example, if an attempt is made to hijack a user session, Pega Platform generates a security alert. Security alert codes begin with SECU. A security administrator is responsible for regularly reviewing and addressing these alerts.
Understanding how to access and interpret security logs is essential for maintaining a secure environment. You can access these log files in Dev Studio.
Pega Platform provides two primary log files for security monitoring:
- PegaRULES-ALERTSECURITY.log: Captures urgent security alerts that require immediate attention.
- PegaRULES-SecurityEvent.log: Records general security events for auditing and compliance. These events typically do not require immediate action.
The alerts include events for:
- User switching attempts
- Access to restricted activity, stream, or report
- Unauthorized data access
- Session hijacking
- Cross-site request forgery (CSRF) attacks
- Injection attacks
- Content Security Policy violations
Monitoring security alerts is essential for several reasons:
- Early detection: By monitoring security alerts, you can quickly identify and respond to potential security threats before they escalate into more significant issues.
- Proactive measures: Regularly reviewing and addressing security alerts enables you to take proactive measures to strengthen your system's defenses and prevent future attacks.
- Compliance: Monitoring security alerts helps ensure that your application complies with security standards and best practices, which is crucial for maintaining the integrity and confidentiality of your data.
- Incident response: In the event of a security breach, having a record of security alerts can aid in the investigation and resolution of the incident, which helps minimize damage and recover more efficiently.
- Continuous improvement: Analyzing security alerts can provide valuable insights into potential weaknesses in your system, which enables you to make continuous improvements to enhance overall security
The importance of security alerts
Reviewing logs regularly helps you identify malicious attacks on your system. The following table shows an example of some alerts and their descriptions:
| Alert | Description |
|---|---|
| SECU0006 | Generated when excessive login attempts are made; this might mean that the system is under a brute force attack or that the user forgot the password. |
| SECU0008 | Generated when a CSRF attack was detected and blocked. |
| SECU0019 | Generated when a control issues a request that has not been registered. |
Pega Platform has properly categorized application alerts, such as for performance alerts, security alerts, database alerts, operations alerts, robotics alerts, and others. For more information about security alerts, see Alerts overview.
To identify security threats before deploying your application to the production environment, it is recommended to configure the application server in your test environment to mirror the production environment.
Monitoring security alerts in Pega Platform is crucial to maintaining a secure and compliant environment. It enables organizations to proactively manage security risks, protect sensitive data, and ensure the ongoing integrity and availability of systems.
Integration with Pega Diagnostic Center
Pega Diagnostic Center (PDC) provides a centralized dashboard for monitoring performance and security alerts, making security management an integral part of Pega Platform.
Key benefits
- Unified alert management: View security and performance alerts together for a complete system health overview.
- Pattern analysis: Visualize trends and correlations to uncover complex security scenarios.
- Proactive security: Anticipate vulnerabilities by using trend analysis, such as an increase in CSRF attempts.
Implementation guidance
When designing security monitoring:
- Configure PDC dashboards to focus on critical security metrics aligned with your risk profile.
- Establish processes for regularly reviewing PDC analytics alongside log entries.
Check your knowledge with the following interaction: