Support Article

SECU0001 alert continuously appears in alert logs

SA-31582

Summary



SECU0001  alert displays continuously in the alert logs.


Error Messages



Not Applicable


Steps to Reproduce



Unknown


Root Cause



A defect in Pegasystems’ code or rules

The issue occurs when the SECU0001 alert is generated during the processing of HTTP requests. And, properties that are not in the list of expected properties are not considered by the system.

After processing all the HTTP parameters, the system generates the SECU0001 alert and lists all the unexpected properties.

For more information, refer to https://community.pega.com/knowledgebase/articles/secu0001-alert-unexpected-properties-received-http-request



Resolution



Update or upgrade to the latest Pega Platform release or Platform Patch Release.

The issue was fixed and delivered in Pega 8.2.
See the Resolved Issue
ISSUE 404321 Updated parameter handling for SECU0001 alert for accuracy

Do not disable the security setting unexpectedinputpropertyalert in the prconfig.xml file or DSS.
If you previously disabled this setting, enable it, as shown below:

Prconfig setting

<env name="security/unexpectedinputpropertyalert" value="true" />

or

DSS setting
Owning-Ruleset:Pega-Engine
Purpose:prconfig/security/UnexpectedInputPropertyAlert/default
Value:true 


See also https://community.pega.com/knowledgebase/articles/security-settings-prconfigxml-file.
Suggest Edit

Published October 8, 2020


0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.