Security alert monitoring
Pega Platform™ logs security alerts whenever it detects a condition representing a possible security incident. Security alerts are generated in the security alert log (ALERTSECURITY log file) when the security of a Pega Platform server is at risk.
For example, when someone attempts to hijack a user session, security alerts are generated, and these alerts can be viewed in the security alert log. Security alert codes start with SECU.
A Security Administrator is responsible for periodically examining and addressing these security alerts.
The alerts include:
- User switching attempts
- Access to restricted activity, stream, or report
- Unauthorized data access
- Session hijacking
- Cross-site request forgery (CSRF) attacks
- Injection attacks
- Content Security Policy violations
The importance of security alerts
Reviewing logs regularly helps identify malicious attacks on your system.
| Alert | Description |
|---|---|
| SECU0006 | Generated when excessive login attempts are made; this might mean that the system is under a brute force attack or that the user forgot the password. |
| SECU0008 | Generated when a cross-site request forgery (CSRF) attack was detected and blocked. |
| SECU0019 | Generated when a control issues a request that has not been registered. |
For more information, see the List of performance and security alerts in Pega Platform topic on Pega Community.
As a best practice, configure the application server in your test environment so that it mirrors a production environment configuration, to identify security threats before moving your application to your actual production environment.
This Topic is available in the following Module:
Want to help us improve this content?