Support Article
SECU0001 alert continuously appears in alert logs
SA-31582
Summary
SECU0001 alert displays continuously in the alert logs.
Error Messages
Not Applicable
Steps to Reproduce
Unknown
Root Cause
A defect in Pegasystems’ code or rules
The issue occurs when the SECU0001 alert is generated during the processing of HTTP requests. And, properties that are not in the list of expected properties are not considered by the system.
After processing all the HTTP parameters, the system generates the SECU0001 alert and lists all the unexpected properties.
For more information, refer to https://community.pega.com/knowledgebase/articles/secu0001-alert-unexpected-properties-received-http-request
Resolution
Update or upgrade to the latest Pega Platform release or Platform Patch Release.
The issue was fixed and delivered in Pega 8.2.
See the Resolved Issue ISSUE 404321 Updated parameter handling for SECU0001 alert for accuracy
Do not disable the security setting unexpectedinputpropertyalert in the prconfig.xml file or DSS.
If you previously disabled this setting, enable it, as shown below:
Prconfig setting
<env name="security/unexpectedinputpropertyalert" value="true" />
or
DSS setting
Owning-Ruleset:Pega-Engine
Purpose:prconfig/security/UnexpectedInputPropertyAlert/default
Value:true
See also https://community.pega.com/knowledgebase/articles/security-settings-prconfigxml-file.
Published October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.