Security event configuration
The security event configuration feature is part of security information and event management (SIEM), which combines security information management (SIM) and security event management (SEM). Use the Security Event Configuration landing page to configure the logging of security events so that you can diagnose system issues and demonstrate compliance to auditors.
Security events include actions performed by any requestor who accesses the application, data accesses or changes, changes to security policies or to security-related rules or landing pages, and so on. With the logged security events, you can then monitor for inappropriate access to your data or system.
All security events include the following information:
- Date and time
- Application name
- Node
- IP address
- Operator ID
- Event class (authentication or authorization)
- Event type
Authorization events can also include the following information:
- The entered search string
- The class, ID, and class- of the case state:
  - Open
  - Unopened
  - Blocked by an access policy
- Report name, class, and filter condition.
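A sketch of how logged events carrying the fields listed above can be reviewed for inappropriate access, added here as an example; it is not part of the original page or of Pega's own code. The JSON-lines layout, the key names, and the event type values are assumptions made for illustration, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records. Key names and event_type values are assumptions
# that mirror the fields listed above; they are not the product's log schema.
SAMPLE_LOG = """\
{"time":"2024-05-01T09:00:02Z","app":"Claims","node":"web-1","ip":"10.0.0.5","operator":"alice","event_class":"authentication","event_type":"login"}
{"time":"2024-05-01T09:01:10Z","app":"Claims","node":"web-1","ip":"10.0.0.5","operator":"alice","event_class":"authorization","event_type":"case access","case_state":"Open"}
{"time":"2024-05-01T09:02:00Z","app":"Claims","node":"web-2","ip":"10.0.0.9","operator":"bob","event_class":"authorization","event_type":"case access","case_state":"Blocked by an access policy"}
{"time":"2024-05-01T09:02:30Z","app":"Claims","node":"web-2","ip":"10.0.0.7","operator":"bob","event_class":"authorization","event_type":"case access","case_state":"Blocked by an access policy"}
{"time":"2024-05-01T09:03:05Z","app":"Claims","node":"web-2","ip":"10.0.0.9","operator":"bob","event_class":"authorization","event_type":"case access","case_state":"Blocked by an access policy"}
{"time":"2024-05-01T09:04:00Z","app":"Claims","node":"web-1","ip":"10.0.0.5","operator":"alice","event_class":"authorization","event_type":"case access","case_state":"Blocked by an access policy"}
{"time":"2024-05-01T09:05:00Z","app":"Claims","operator":"carol","event_class":"authentication","event_type":"login"}
this line is not JSON
"""
# Fields that every security event is expected to carry (from the list above).
REQUIRED = ("time", "app", "node", "ip", "operator", "event_class", "event_type")
BLOCKED = "Blocked by an access policy"

def parse_events(text):
    """Return (events, rejected): complete records, and a count of unusable lines."""
    events, rejected = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rejected += 1
            continue
        if isinstance(rec, dict) and all(k in rec for k in REQUIRED):
            events.append(rec)
        else:
            rejected += 1  # an event missing a common field is itself worth a look
    return events, rejected

def blocked_access_report(events, threshold=2):
    """Operators with at least `threshold` case accesses blocked by an access policy."""
    hits = defaultdict(lambda: {"count": 0, "ips": set()})
    for ev in events:
        if ev["event_class"] == "authorization" and ev.get("case_state") == BLOCKED:
            hits[ev["operator"]]["count"] += 1
            hits[ev["operator"]]["ips"].add(ev["ip"])
    return {op: {"count": h["count"], "ips": sorted(h["ips"])}
            for op, h in hits.items() if h["count"] >= threshold}

if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE_LOG)
    print(blocked_access_report(events), "rejected lines:", rejected)
```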

- Selecting a security event to monitor
  To monitor and analyze security events, use the Security Event Configuration feature. You can select individual events to be automatically captured in logs for every user session.
- Adding a custom security event
  The Security Event Configuration landing page might not have all the events you want to monitor. However, you can define custom security events that are specific to your application so that you can monitor them in the logs.
- Rule and data change auditing
  Pega Platform maintains a history of changes to certain data classes and rule types. You can use this history to diagnose system issues and to demonstrate compliance to internal and external auditors.
- Enabling security auditing for a data class or rule type
  You can record changes for single values and aggregate properties when you enable security auditing.