Security alert monitoring
Pega Platform™ logs security alerts when it detects a condition that may indicate a security incident. Security alerts are generated in the security alert log (ALERTSECURITY log file) when a Pega Platform server's security is at risk.
For example, if someone tries to hijack a user session, Pega Platform generates security alerts, which can be viewed in the security alert log. Security alert codes begin with the letters SECU. A Security Administrator is responsible for regularly reviewing and addressing these security alerts.
The alerts include events for:
- User switching attempts
- Access to restricted activity, stream, or report
- Unauthorized data access
- Session hijacking
- Cross-site request forgery (CSRF) attacks
- Injection attacks
- Content Security Policy violations
Monitoring security alerts is essential for several reasons:
- Early detection: By keeping an eye on security alerts, you can quickly identify and respond to potential security threats before they escalate into more significant issues.
- Proactive measures: Regularly reviewing and addressing security alerts enables you to take proactive measures to strengthen your system's defenses and prevent future attacks.
- Compliance: Monitoring security alerts helps ensure that your application complies with security standards and best practices, which is crucial for maintaining the integrity and confidentiality of your data.
- Incident response: In the event of a security breach, having a record of security alerts can aid in the investigation and resolution of the incident, helping to minimize damage and recover more efficiently.
- Continuous improvement: Analyzing security alerts can provide valuable insights into potential weaknesses in your system, enabling you to make continuous improvements that enhance overall security.
The importance of security alerts
Reviewing logs regularly helps you identify malicious attacks on your system. The following table shows an example of some alerts and their descriptions:
| Alert | Description |
|---|---|
| SECU0006 | Generated when excessive login attempts are made; this might mean that the system is under a brute force attack or that the user forgot the password. |
| SECU0008 | Generated when a cross-site request forgery (CSRF) attack was detected and blocked. |
| SECU0019 | Generated when a control issues a request that has not been registered. |
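As an added example (not Pega's own code), the following script shows the kind of triage a Security Administrator would run over ALERTSECURITY output: it keeps only SECU* entries, counts them by alert code, and flags a user whose SECU0006 alerts cluster inside a short window, which points to brute force rather than a forgotten password. The `*`-separated line layout and the sample lines are constructed for this example and simplify the real alert log format.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real log data). Assumed simplified layout:
# timestamp*alert code*user*message
SAMPLE_LOG = """\
2024-03-01 10:00:01,000 GMT*SECU0006*alice*Excessive login attempts
2024-03-01 10:00:02,000 GMT*SECU0006*alice*Excessive login attempts
2024-03-01 10:00:03,000 GMT*SECU0006*alice*Excessive login attempts
2024-03-01 10:00:04,000 GMT*SECU0006*alice*Excessive login attempts
2024-03-01 10:00:05,000 GMT*SECU0006*alice*Excessive login attempts
2024-03-01 10:05:00,000 GMT*SECU0008*bob*CSRF attack detected and blocked
2024-03-01 11:30:00,000 GMT*SECU0006*carol*Excessive login attempts
2024-03-01 11:45:00,000 GMT*SECU0019*dave*Unregistered control request
2024-03-01 11:46:00,000 GMT*PEGA0005*dave*Slow database query
"""

def parse_alert(line):
    """Return (timestamp, code, user, message), or None for non-SECU lines."""
    parts = line.rstrip("\n").split("*", 3)
    if len(parts) != 4 or not parts[1].startswith("SECU"):
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S,%f GMT")
    return ts, parts[1], parts[2], parts[3]

def triage(log_text, threshold=5, window=timedelta(minutes=10)):
    """Count SECU alerts per code and flag users with `threshold` or more
    SECU0006 alerts inside `window` (a brute-force pattern, not one typo)."""
    counts = Counter()
    login_alerts = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_alert(line)
        if parsed is None:          # performance/other alert families are skipped
            continue
        ts, code, user, _ = parsed
        counts[code] += 1
        if code == "SECU0006":
            login_alerts[user].append(ts)
    flagged = set()
    for user, stamps in login_alerts.items():
        stamps.sort()
        # Sliding window: any run of `threshold` alerts within `window` flags the user.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.add(user)
                break
    return counts, sorted(flagged)

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print(dict(counts), flagged)
```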
Pega Platform categorizes application alerts into families such as performance, security, database, operations, and robotics alerts. To learn more about security alerts, refer to the alerts overview article on Pega Community.
To identify security threats before deploying your application to the production environment, configure the application server in your test environment to mirror the production environment.
Monitoring security alerts in Pega Platform is crucial to maintaining a secure and compliant environment. It enables organizations to proactively manage security risks, protect sensitive data, and ensure the ongoing integrity and availability of their systems.