Security alert monitoring
Pega Platform™ logs security alerts when it detects a condition that may indicate a security incident. Security alerts are generated in the security alert log (ALERTSECURITY log file) when a Pega Platform server's security is at risk.
For example, if someone tries to hijack a user session, Pega Platform generates security alerts, which can be viewed in the security alert log. Security alert codes begin with the letters SECU. A Security Administrator is responsible for regularly reviewing and addressing these security alerts.
The alerts include events for:
-
User switching attempts
-
Access to restricted activity, stream, or report
-
Unauthorized data access
-
Session hijacking
-
Cross-site request forgery (CSRF) attacks
-
Injection attacks
-
Content Security Policy violations
The importance of security alerts
Reviewing logs regularly helps you identify malicious attacks on your system. The following table shows an example of some alerts and their descriptions:
| Alert | Description |
|---|---|
| SECU0006 | Generated when excessive login attempts are made; this might mean that the system is under a brute force attack or that the user forgot the password. |
| SECU0008 | Generated when a cross-site request forgery (CSRF) attack was detected and blocked. |
| SECU0019 | Generated when a control issues a request that has not been registered. |
Pega Platform has properly categorized application alerts, such as for performance alerts, security alerts, database alerts, operations alerts, robotics alerts, and others. To learn more about security alerts, refer to the alerts overview article on Pega Community.
To identify security threats before deploying your application to the production environment, it is recommended to configure the application server in your test environment to mirror the production environment.
Check your knowledge with the following interaction:
This Topic is available in the following Module:
Want to help us improve this content?