
Auditing

With Pega Platform, you can track many types of security events, such as failed logins, password changes, and changes to rules and data. By tracking all of these events, you can understand how your system functions and detect any potential problems.

System auditing

Pega Platform provides comprehensive security information and event management (SIEM) features with which you can:

  • Monitor all security-related activity in the system.
  • Create reports that analyze patterns of system usage.
  • Identify patterns of suspicious behavior.
  • Determine the scope of the damage if any vulnerabilities are exploited.

Data auditing

The Pega Platform History- class supports auditing by capturing all data changes in rules and cases. The History- class automatically captures the following updates:

  • For rules and cases - changes to the operator ID
  • For standard properties - any changes to field-level tracking

For more information, see:

Audit user and developer actions

In addition to tracking data changes in rules and cases, you can audit user and developer actions that might affect the security of your application. This information might potentially indicate suspicious behavior by a developer or user.

All security events include the following information:

  • Date and time
  • Application name
  • Node
  • IP address
  • Tenant ID
  • Operator ID
  • Event class (authentication or authorization)
  • Event type

Event types that can be audited

In Security Event Configuration, there are 3 types of events that you can audit: Authentication events, Data access events, and Security administration events. Specific information about each type is given below.

To open Security Event Configuration, in the header of Dev Studio, click Configure > Org & Security > Tools > Security > Security Event Configuration.

Authorization events

Authorization events assist developers by tracking:

  • Successful and failed login attempts
  • Password changes
  • Session terminations
  • Logouts
  • Changes to operator records

The table below describes the Authorization events on the Security Event Configuration tab.

Any authorization event that is selected by default is always tracked; you cannot stop these changes from being tracked.

Authorization event                    | Default setting
Successful and failed login attempts   | Not selected
Password changes                       | Not selected
Session terminations                   | Selected
Logouts                                | Selected
Changes to operator records            | Selected

Data access events

Data access events assist developers by tracking:

  • Successful attempts to open cases
  • Attempts to open cases if the attempt fails because of security policies
  • SQL queries to the database
  • Changes to report filters
  • Full-text searches

The table below describes the Data access events on the Security Event Configuration tab.

Any data access event that is selected by default is always tracked; you cannot stop these changes from being tracked.

Data access event                                                                            | Default setting
Every open of a work- class object on the clipboard that succeeds                            | Not selected
Every SQL query that is executed                                                             | Not selected
Changes to report definition filters                                                         | Not selected
Search queries                                                                               | Not selected
Every open of a work- class object on the clipboard that fails because of security policies  | Selected
Every report definition that is executed                                                     | Selected
Every malformed request received from a client                                               | Selected
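The fields listed above for every security event (date and time, application name, node, IP address, tenant ID, operator ID, event class, event type) are what a detection rule over the audit trail keys on. The following Python is an added example, not code from the page or from Pega: it validates that each event carries all of those fields and then runs a per-key sliding-window check for bursts of failed logins (an authorization event) and of case opens refused by security policies (a data access event). The record layout, the event_type labels and the sample events are constructed assumptions for illustration, not the platform's real log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Every security event on the page includes these fields. The key names are
# assumed for this example; the real export format is not shown on the page.
REQUIRED_FIELDS = ("timestamp", "application", "node", "ip", "tenant_id",
                   "operator_id", "event_class", "event_type")


def _ev(ts, operator, ip, event_class, event_type,
        app="ClaimsApp", node="node1", tenant="t1"):
    """Build one constructed sample event record."""
    return {"timestamp": ts, "application": app, "node": node, "ip": ip,
            "tenant_id": tenant, "operator_id": operator,
            "event_class": event_class, "event_type": event_type}


# Constructed sample events (not real Pega output). "login_failed",
# "login_success" and "case_open_denied" are assumed event_type labels.
SAMPLE_EVENTS = [
    _ev("2024-05-01T09:00:00", "jsmith", "203.0.113.7", "authentication", "login_failed"),
    _ev("2024-05-01T09:00:20", "jsmith", "203.0.113.7", "authentication", "login_failed"),
    _ev("2024-05-01T09:00:45", "jsmith", "203.0.113.7", "authentication", "login_failed"),
    _ev("2024-05-01T09:01:10", "jsmith", "203.0.113.7", "authentication", "login_success"),
    _ev("2024-05-01T09:05:00", "akhan", "198.51.100.4", "authentication", "login_failed"),
    _ev("2024-05-01T09:30:00", "akhan", "198.51.100.4", "authentication", "login_failed"),
    _ev("2024-05-01T10:00:00", "rjones", "198.51.100.9", "authorization", "case_open_denied"),
    _ev("2024-05-01T10:02:00", "rjones", "198.51.100.9", "authorization", "case_open_denied"),
    _ev("2024-05-01T10:03:30", "rjones", "198.51.100.9", "authorization", "case_open_denied"),
]


def parse_events(records):
    """Check that each record carries every field the page lists for a
    security event and convert the timestamp. A malformed record raises
    instead of being skipped, so a gap in the audit trail is visible."""
    parsed = []
    for rec in records:
        missing = [f for f in REQUIRED_FIELDS if f not in rec]
        if missing:
            raise ValueError(f"security event missing fields {missing}: {rec}")
        ev = dict(rec)
        ev["timestamp"] = datetime.fromisoformat(rec["timestamp"])
        parsed.append(ev)
    return sorted(parsed, key=lambda e: e["timestamp"])


def burst_detect(events, event_class, event_type, key_fields, window, threshold):
    """Return the set of keys (tuples of key_fields values) for which at
    least `threshold` events of the given class/type fall inside some
    `window`. One pass over time-sorted events with a deque per key."""
    recent = defaultdict(deque)
    flagged = set()
    for ev in events:
        if (ev["event_class"], ev["event_type"]) != (event_class, event_type):
            continue
        key = tuple(ev[f] for f in key_fields)
        q = recent[key]
        q.append(ev["timestamp"])
        # Drop timestamps that fell out of the window ending at this event.
        while q and ev["timestamp"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            flagged.add(key)
    return flagged


def failed_login_bursts(events, window=timedelta(minutes=5), threshold=3):
    """Operator/IP pairs with repeated failed logins in a short window."""
    return burst_detect(events, "authentication", "login_failed",
                        ("operator_id", "ip"), window, threshold)


def denied_case_open_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Operators repeatedly refused case access by security policies."""
    return burst_detect(events, "authorization", "case_open_denied",
                        ("operator_id",), window, threshold)


if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    print("failed login bursts:", failed_login_bursts(events))
    print("denied case-open bursts:", denied_case_open_bursts(events))
```

The two wrappers differ only in which default-tracked event they watch and which fields form the key; failed logins are keyed on operator and IP so that one operator hammered from many addresses and one address cycling through operators both surface, while policy denials are keyed on operator alone because they are about what that operator is reaching for. Thresholds and windows are starting points to tune against your own baseline.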

Security administration events

Security administration events assist developers by tracking:

  • Changes to security authentication policies
  • Changes to attribute-based access control (ABAC) policies and policy conditions
  • Changes to role-based access control (RBAC), including changes to Rule-Access-Role-Obj (RARO) rules
  • Changes to dynamic system settings
  • Changes to content security policies (CSP)
  • Changes to access groups
  • Changes to work queues
  • Invocations of Access Manager

The table below describes the Security administration events on the Security Event Configuration tab.

Any security administration event that is selected by default is always tracked; you cannot stop these changes from being tracked.

Security administration event                                    | Default setting
Every invocation of Access Manager                               | Not selected
Every BIX form change and execution                              | Not selected
Every change to ABAC security policies                           | Selected
Every change to CBAC security policies                           | Selected
Every change to dynamic system settings                          | Selected
Every change to content security policy (CSP)                    | Selected
Every change to security authentication policies                 | Selected
Every change to security event configuration                     | Selected
Every change to RBAC security policies (including RADO and RARO) | Selected
Every change to access group settings                            | Selected
Every change to workbasket role settings                         | Selected
Every request to disable or enable an operator                   | Selected
Every request to add, update, or remove a servlet                | Selected

OAuth 2.0 events

OAuth 2.0 events assist developers by tracking:

  • Token requests
  • Token revocations
  • Invalid tokens
  • API requests
  • Client rule form changes
  • Dynamic client registration

The table below describes the OAuth 2.0 events on the Security Event Configuration tab.

Any OAuth 2.0 event that is selected by default is always tracked; you cannot stop these changes from being tracked.

OAuth 2.0 event                                     | Default setting
Invalid token requests                              | Selected
API requests with invalid client credentials        | Selected
Token revocation from REST API                      | Selected
Regeneration of client secret from rule form        | Selected
Token revocation from rule form                     | Selected
Delete client instance from rule form               | Selected
Dynamic client registration                         | Selected
Resource API invocation using invalid access token  | Selected

Custom events

You can define your own custom security events that you want to log, and you can toggle custom events ON and OFF.

For more information, see Tracking and auditing actions by developers and users.

  • Tracking and auditing changes to data

    Pega Platform maintains a historical record of changes to certain data classes and rule types. You can use this history to diagnose system issues and to demonstrate compliance to internal and external auditors.

  • Tracking and auditing actions by developers and users

    The security event configuration feature is part of security information and event management (SIEM) that combines security information management (SIM) and security event management (SEM). Use the Security Event Configuration landing page to configure the logging of security events so that you can diagnose system issues and demonstrate compliance to auditors.

  • Monitoring security alerts and events

    Pega Platform generates security alerts and events for situations such as attempts to hijack a user session. You can review the security alerts and events by viewing their respective logs.

  • Logging each use of harness and flow action rules

    Your application can create an audit record each time an operator requests either a harness form or a flow action.
