Security alert monitoring
Pega Platform™ logs security alerts whenever it detects a condition representing a possible security incident. Security alerts are generated in the security alert log (ALERTSECURITY log file) when the security of a Pega Platform server is at risk.
For example, when someone attempts to hijack a user session, security alerts are generated, and these alerts can be viewed in the security alert log. Security alert codes start with the letters SECU.
A Security Administrator is responsible for periodically examining and addressing these security alerts.
The alerts include:
- User switching attempts
- Access to restricted activity, stream, or report
- Unauthorized data access
- Session hijacking
- Cross-site request forgery (CSRF) attacks
- Injection attacks
- Content Security Policy violations
The importance of security alerts
Reviewing logs regularly helps identify malicious attacks on your system.
Alert | Description |
---|---|
SECU0006 | Generated when excessive login attempts are made; this might mean that the system is under a brute force attack or that the user forgot the password. |
SECU0008 | Generated when a cross-site request forgery (CSRF) attack was detected and blocked. |
SECU0019 | Generated when a control issues a request that has not been registered. |
Pega Platform groups application alerts into categories, such as performance alerts, security alerts, database alerts, operations alerts, robotics alerts, and others. For more information on security alerts, see the alerts overview article on Pega Community.
As a best practice, configure the application server in your test environment to mirror the production configuration, so that you can identify security threats before moving your application to production.
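One way to script the periodic review of the security alert log, using the three alert codes from the table above. This is an added example, not Pega code: the log line layout, the `operator=` field, and the code SECU9999 are constructed for illustration, and the `triage` function and its threshold are hypothetical.

```python
import re
from collections import Counter

# Alert codes and meanings taken from the table on this page.
KNOWN_ALERTS = {
    "SECU0006": "excessive login attempts",
    "SECU0008": "CSRF attack detected and blocked",
    "SECU0019": "control issued an unregistered request",
}
SECU_CODE = re.compile(r"\bSECU\d{4}\b")
OPERATOR = re.compile(r"operator=([^*\s]+)")  # assumed field name

# Constructed sample lines. The layout is simplified for illustration and is
# not the real ALERTSECURITY format; SECU9999 is a made-up code.
SAMPLE_LOG = """\
2024-05-01T09:00:01*SECU0006*operator=alice*Excessive login attempts
2024-05-01T09:00:09*SECU0006*operator=alice*Excessive login attempts
2024-05-01T09:00:15*SECU0006*operator=alice*Excessive login attempts
2024-05-01T09:02:40*SECU0008*operator=bob*CSRF request blocked
2024-05-01T09:05:12*SECU0019*operator=carol*Unregistered request
2024-05-01T09:06:00*SECU0006*operator=dave*Excessive login attempts
2024-05-01T09:07:30*SECU9999*operator=erin*Some other security alert
2024-05-01T09:08:00*INFO*housekeeping line without an alert code
"""

def triage(lines, login_threshold=3):
    """Count alerts per SECU code, flag operators with repeated SECU0006
    alerts, and list codes missing from KNOWN_ALERTS for manual lookup."""
    counts, failed_logins = Counter(), Counter()
    for line in lines:
        match = SECU_CODE.search(line)
        if not match:
            continue  # not a security alert line
        code = match.group()
        counts[code] += 1
        if code == "SECU0006":
            who = OPERATOR.search(line)
            failed_logins[who.group(1) if who else "unknown"] += 1
    flagged = sorted(op for op, n in failed_logins.items() if n >= login_threshold)
    unknown = sorted(code for code in counts if code not in KNOWN_ALERTS)
    return counts, flagged, unknown

if __name__ == "__main__":
    counts, flagged, unknown = triage(SAMPLE_LOG.splitlines())
    for code, n in sorted(counts.items()):
        print(f"{code} x{n}: {KNOWN_ALERTS.get(code, 'not in table, look up')}")
    print("Repeated SECU0006 for operators:", flagged)
    print("Codes to look up:", unknown)
```

Adjust the two regular expressions to the fields your ALERTSECURITY log actually contains before running this against real data.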