Security auditing
Security auditing is a core architectural responsibility in modern application development. For a Lead System Architect (LSA), designing a robust auditing strategy ensures that the application remains secure, transparent, compliant, and resilient.
An audit trail serves as the system of record for security-related events. It provides visibility into who performed an action and when, which is essential for troubleshooting, detecting suspicious behavior, analyzing potential breaches, and meeting regulatory requirements.
Pega Platform™ includes built-in auditing tools that enable you to create a trusted and verifiable system. These tools cover two areas: auditing system and security events, and auditing data changes.
System and security event auditing
Pega Platform provides a Security Information and Event Management (SIEM) framework to monitor critical security activities. Use the Security Event Configuration in Dev Studio to define granular audit policies. Each security event captures context such as timestamp, application, node, operator, IP address, and tenant ID.
Key event categories include:
| Event Category | Description |
|---|---|
| Authentication Events | Tracks successful logins, failed attempts, password changes, and session terminations. Patterns of failed logins from a single IP address can indicate a brute-force attack. |
| Security Administration Events | Logs changes to the security model, including modifications to Access Roles (RBAC), Access Policies (ABAC), Content Security Policies (CSP), and Access Groups. Unauthorized changes can create vulnerabilities. |
| Data Access Events | Audits attempts to access or view data, including opening cases, running reports, and performing searches. Monitoring unusual access patterns helps detect potential misuse. |
| OAuth 2.0 Events | Tracks the lifecycle of OAuth 2.0 client registrations and tokens. This is critical for securing API integrations and detecting misuse of credentials. |
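The table above notes that a pattern of failed logins from one IP address can indicate a brute-force attack. The following added example (not Pega code, and not taken from this page) shows the kind of detection logic a SIEM rule or a review script would run over exported authentication events. The event field names (`timestamp`, `application`, `node`, `operator`, `ip`, `tenant`, `category`, `event`) mirror the context the page says each security event carries, but the exact names and the sample events themselves are constructed assumptions. The check slides a time window over each IP's failed logins, reports the largest burst that reaches a threshold, records how many distinct operators were targeted, and notes whether a successful login from the same IP followed the burst.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events shaped like the context Pega security events carry.
# Field names are assumptions for this example, not the Pega export format.
SAMPLE_EVENTS = [
    {"timestamp": "2024-05-01T09:00:01Z", "application": "ClaimsApp", "node": "node-1",
     "operator": "asmith", "ip": "203.0.113.10", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_FAILED"},
    {"timestamp": "2024-05-01T09:00:21Z", "application": "ClaimsApp", "node": "node-1",
     "operator": "asmith", "ip": "203.0.113.10", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_FAILED"},
    {"timestamp": "2024-05-01T09:00:41Z", "application": "ClaimsApp", "node": "node-2",
     "operator": "bjones", "ip": "203.0.113.10", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_FAILED"},
    {"timestamp": "2024-05-01T09:01:01Z", "application": "ClaimsApp", "node": "node-2",
     "operator": "bjones", "ip": "203.0.113.10", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_FAILED"},
    {"timestamp": "2024-05-01T09:01:21Z", "application": "ClaimsApp", "node": "node-1",
     "operator": "asmith", "ip": "203.0.113.10", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_FAILED"},
    {"timestamp": "2024-05-01T09:01:41Z", "application": "ClaimsApp", "node": "node-1",
     "operator": "asmith", "ip": "203.0.113.10", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_FAILED"},
    {"timestamp": "2024-05-01T09:01:55Z", "application": "ClaimsApp", "node": "node-1",
     "operator": "asmith", "ip": "203.0.113.10", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_SUCCESS"},
    {"timestamp": "2024-05-01T09:05:00Z", "application": "ClaimsApp", "node": "node-1",
     "operator": "ewong", "ip": "192.0.2.5", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_SUCCESS"},
    {"timestamp": "2024-05-01T09:10:00Z", "application": "ClaimsApp", "node": "node-2",
     "operator": "cdoe", "ip": "198.51.100.7", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_FAILED"},
    {"timestamp": "2024-05-01T09:50:00Z", "application": "ClaimsApp", "node": "node-2",
     "operator": "cdoe", "ip": "198.51.100.7", "tenant": "acme",
     "category": "Authentication", "event": "LOGIN_FAILED"},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: summary} for every IP whose failed logins reach `threshold`
    inside some sliding window of length `window`.

    The summary holds the largest burst found for that IP: its size, first and
    last failure time, the distinct operators targeted, and whether a
    LOGIN_SUCCESS from the same IP followed the burst (a sign the guessing
    may have worked and the account should be reviewed)."""
    failures = defaultdict(list)   # ip -> [(timestamp, operator), ...]
    successes = defaultdict(list)  # ip -> [timestamp, ...]
    for e in events:
        if e.get("category") != "Authentication":
            continue
        ts = parse_ts(e["timestamp"])
        if e["event"] == "LOGIN_FAILED":
            failures[e["ip"]].append((ts, e["operator"]))
        elif e["event"] == "LOGIN_SUCCESS":
            successes[e["ip"]].append(ts)

    alerts = {}
    for ip, attempts in failures.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the window start until the span fits inside `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            count = end - start + 1
            if count < threshold:
                continue
            best = alerts.get(ip)
            if best is None or count > best["count"]:
                last = attempts[end][0]
                alerts[ip] = {
                    "count": count,
                    "first": attempts[start][0],
                    "last": last,
                    "operators": {op for _, op in attempts[start:end + 1]},
                    "success_after": any(s > last for s in successes.get(ip, [])),
                }
    return alerts


if __name__ == "__main__":
    for ip, summary in failed_login_bursts(SAMPLE_EVENTS).items():
        print(ip, summary)
```

With the default five-minute window and threshold of five, only `203.0.113.10` is flagged (six failures against two operators, followed by a success); the two failures an hour apart from `198.51.100.7` stay below the threshold. Tuning the window and threshold to your own login volume is what keeps this rule useful rather than noisy.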
Data and Field-Level Auditing
System event auditing tracks actions, while data auditing tracks changes. Pega Platform uses the History- class framework to capture changes to Rules and Case data. You can configure field-level auditing for sensitive data values within cases or data objects.
Enable auditing for fields that contain Personally Identifiable Information (PII) or financial data to maintain a complete record of modifications, including previous and new values, the user who made the change, and the timestamp.
In Constellation applications, field-level auditing is straightforward for simple fields. For complex scenarios, such as auditing data classes or specific Rule Types, use data transforms and declare triggers to create custom audit records.
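The section above describes what a field-level audit record must capture (field, previous value, new value, operator, timestamp) and notes that nested data classes need custom handling. The added example below is not Pega code and does not use the History- classes; it illustrates the logic a custom audit data transform would implement: diff a before and after snapshot of a case, emit one record per audited field that changed, and ignore changes to unaudited fields. It goes slightly beyond the simple-field case by flattening embedded objects to dotted paths (for example `Address.City`), so a property inside a nested data class can be listed for auditing the same way as a top-level one. The case snapshots, field names and operator ID are constructed for the example.

```python
from datetime import datetime, timezone


def flatten(obj, prefix=""):
    """Flatten nested dicts into {"Outer.Inner": value} so that properties of
    an embedded data class can be named as audited fields."""
    flat = {}
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def build_audit_records(before, after, operator, audited_fields, changed_at):
    """Return one audit record per audited field whose value changed between
    the `before` and `after` snapshots of a case.

    Each record carries the field path, previous and new values, the operator
    who made the change, and the change timestamp. Fields not listed in
    `audited_fields` are ignored even when they changed; a field that is
    audited but absent from one snapshot is reported with None on that side."""
    b, a = flatten(before), flatten(after)
    records = []
    for field in sorted(audited_fields):
        old, new = b.get(field), a.get(field)
        if old != new:
            records.append({
                "field": field,
                "previous": old,
                "new": new,
                "operator": operator,
                "timestamp": changed_at.isoformat(),
            })
    return records


# Constructed case snapshots (not from a real Pega application).
CASE_BEFORE = {
    "CustomerSSN": "123-45-6789",
    "Email": "a.smith@example.com",
    "AccountBalance": 1500.00,
    "Address": {"City": "Boston", "Zip": "02101"},
    "Notes": "initial intake",
}
CASE_AFTER = {
    "CustomerSSN": "123-45-6789",
    "Email": "alice.smith@example.com",
    "AccountBalance": 1500.00,
    "Address": {"City": "Cambridge", "Zip": "02101"},
    "Notes": "address verified by phone",
}

# Assumed audit scope: PII and financial fields, including one nested property.
AUDITED_FIELDS = {"CustomerSSN", "Email", "AccountBalance", "Address.City"}
CHANGED_AT = datetime(2024, 5, 1, 9, 30, tzinfo=timezone.utc)


def example_records():
    """Audit records for the constructed change above (Notes is not audited)."""
    return build_audit_records(CASE_BEFORE, CASE_AFTER, "asmith", AUDITED_FIELDS, CHANGED_AT)


if __name__ == "__main__":
    for record in example_records():
        print(record)
```

Only the two audited fields that actually changed (`Address.City` and `Email`) produce records; the edit to `Notes` is outside the audit scope and the unchanged `CustomerSSN` and `AccountBalance` produce nothing, which is the "audit only what you need" balance the checklist below recommends.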
Audit strategy checklist for LSAs
Design your auditing strategy early in the project lifecycle. Use this checklist as a guide:
- Define the audit scope: Identify sensitive data and critical events in collaboration with business and security stakeholders.
- Design for performance: Excessive auditing can affect performance. Use granular controls in Security Event Configuration to audit only necessary events.
- Plan for incident response: Document how to access and analyze audit logs during a security incident.
- Integrate with enterprise SIEM: Configure export of Pega audit data to your organization’s SIEM tool (for example, Splunk or QRadar) for centralized monitoring.
- Review regularly: Update audit configurations and adopt new Pega Platform features to maintain a strong security posture.
Key principles
- Avoid over-auditing to maintain system performance.
- Ensure audit logs are accessible and actionable during incidents.
- Continuously review and improve auditing strategies.
Security auditing in Pega software is more than a compliance requirement; it is a core design element for a secure and transparent application. For the Lead System Architect, auditing must be planned from the start. Define what to audit to balance security visibility with system performance. This approach ensures that audit logs support proactive security and accountability throughout application operations.