Skip to main content
Verify the version tags to ensure you are consuming the intended content or, complete the latest version.

Security alert monitoring

Pega Platform™ logs security alerts whenever it detects a condition representing a possible security incident. Security alerts are generated in the security alert log (ALERTSECURITY log file) when the security of a Pega Platform server is at risk.

For example, when someone attempts to hijack a user session, security alerts are generated, and these alerts can be viewed in the security alert log. Security alert codes start with SECU. 

A Security Administrator is responsible for periodically examining and addressing these security alerts.

The alerts include:

  • User switching attempts
  • Access to restricted activity, stream, or report
  • Unauthorized data access
  • Session hijacking
  • Cross-site request forgery (CSRF) attacks
  • Injection attacks
  • Content Security Policy violations

The importance of security alerts

Reviewing logs regularly helps identify malicious attacks on your system.

Alert Description
SECU0006  Generated when excessive login attempts are made; this might mean that the system is under a brute force attack or that the user forgot the password.
SECU0008  Generated when a cross-site request forgery (CSRF) attack was detected and blocked. 
SECU0019  Generated when a control issues a request that has not been registered. 

For more information, see the List of performance and security alerts in Pega Platform topic on Pega Community.

As a best practice, configure the application server in your test environment so that it mirrors a production environment configuration, to identify security threats before moving your application to your actual production environment. 

This Topic is available in the following Module:

If you are having problems with your training, please review the Pega Academy Support FAQs.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Academy has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice