Table of Contents

Auditing in Pega Platform

Pega Platform™ offers comprehensive features for security information and event management (SIEM) for performing the following activities:

  • Monitoring all security-related activity in the system
  • Creating reports that analyze patterns of system usage
  • Identifying patterns of suspicious behavior
  • Determining the scope of damage if any vulnerabilities are exploited

Auditing data

The Pega Platform History- class captures all data changes in rules and cases to support auditing. The History- class automatically captures the following information:

  • Changes to the operator ID and time stamp for rules or cases
  • Changes to field-level tracking for standard properties

For more information, see Rule and data change auditing and Case Management - Work Management page - Field Level Auditing tab.

Auditing user and developer actions

In addition to tracking data changes in rules and cases, you can also audit a wide range of user and developer actions that can affect the security of your application and potentially indicate suspicious behavior by any developer or user, including the following actions:

  • Authentication events
    • Successful and failed login attempts
    • Password changes
    • Session terminations
    • Logouts
    • Changes to operator records
  • Data access events
    • Successful attempts to open cases
    • Attempts to open cases that fail because of security policies
    • SQL queries to the Pega database
    • Changes to report filters
    • Full-text searches
  • Security administration events
    • Changes to security authentication policies
    • Every change to attribute-based access control (ABAC) policies and policy conditions
    • Changes to role-based access control (RBAC) such as changes to Rule-Access-Role-Obj (RARO) rules
    • Changes to Dynamic System Settings (DSS)
    • Changes to content security policies (CSP)
    • Changes to access groups
    • Changes to workbaskets
    • Invocations of Access Manager

In addition, you can define your own custom security events to be logged. For more information, see Security Event Configuration.

Related Content

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.