Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

Auditing

Updated on June 30, 2021

With Pega Platform, you can track many types of security events, such as failed logins, password changes, and changes to rules and data. By tracking all of these events, you can understand how your system functions and detect any potential problems.

System auditing

Pega Platform provides comprehensive security information and event management (SIEM) features with which you can:

  • Monitor all security-related activity in the system.
  • Create reports that analyze patterns of system usage.
  • Identify patterns of suspicious behavior.
  • Determine the scope of the damage if any vulnerabilities are exploited.

Data auditing

The Pega Platform History- class supports auditing by capturing all data changes in rules and cases. The History- class automatically captures the following updates:

  • For rules and cases - changes to the operator ID
  • For standard properties - any changes to field-level tracking

For more information, see:

Audit user and developer actions

In addition to tracking data changes in rules and cases, you can audit user and developer actions that might affect the security of your application. This information might potentially indicate suspicious behavior by a developer or user.

All security events include the following information:

  • Date and time
  • Application name
  • Node
  • IP address
  • Tenant ID
  • Operator ID
  • Event class (authentication or authorization)
  • Event type

Event types that can be audited

In Security Event Configuration, there are 3 types of events you can audit: Authentication events, Data access events, and Security administration events. Specific information about these events is available below.

To access the Security Event Configuration, in the header of Dev Studio, click ConfigureOrg & SecurityToolsSecuritySecurity Event Configuration.

Authorization events

Authorization events assists developers by tracking:

  • Successful and failed login attempts
  • Password changes
  • Session terminations
  • Logouts
  • Changes to operator records

The table below describes the Authorization events on the Security Event Configuration tab.

Note: Any authorization event that is selected by default. You cannot stop these changes from being tracked.

Authorization eventDefault setting
Successful and failed login attemptsNot selected
Password changesNot selected
Session terminationsSelected
LogoutsSelected
Changes to operator recordsSelected

Data access events

Data access events assists developers by tracking:

  • Successful attempts to open cases
  • Attempts to open cases if the attempt fails because of security policies
  • SQL queries to the database
  • Changes to report filters
  • Full-text searches

The table below describes the Data access events on the Security Event Configuration tab.

Note: Any data access event that is selected by default. You cannot stop these changes from being tracked.

Data access eventDefault setting
Every open of a work- class object on the clipboard that succeedsNot selected
Every SQL query that executedNot selected
Changes to report definition filtersNot selected
Search queriesNot selected
Every open of a work- class object on the clipboard that fails due to security policiesSelected
Every report definition that executedSelected
Every malformed request received from clientSelected

Security administration events

Security administration events assists developers by tracking:

  • Changes to security authentication policies
  • Changes to attribute-based access control (ABAC) policies and policy conditions
  • Changes to role-based access control (RBAC), including changes to Rule-Access-Role-Obj (RARO) rules
  • Changes to dynamic system settings
  • Changes to content security policies (CSP)
  • Changes to access groups
  • Changes to work queues
  • Invocations of Access Manager

The table below describes the Security administration events on the Security Event Configuration tab.

Note: Any security administration events that is selected by default. You cannot stop these changes from being tracked.

Security administration eventDefault setting
Every invocation of access managerNot selected
Every BIX form changes and executionsNot selected
Every change to ABAC security policiesSelected
Every change to CBAC security policiesSelected
Every change to dynamic system settingsSelected
Every change to content security policy (CSP)Selected
Every change to security authentication policiesSelected
Every change to security event configurationSelected
Every change to RBAC security policies (including RADO and RARO)Selected
Every change to access group settingsSelected
Every change to workbasket role settingsSelected
Every request to Disable/Enable operatorSelected
Every request to add/update/removal of servletSelected

OAuth 2.0 events

OAuth 2.0 events assists developers by tracking:

  • Token requests
  • Token revocations
  • Invalid tokens
  • API requests
  • Client rule form changes
  • Dynamic client registration

The table below describes the OAuth 2.0 events on the Security Event Configuration tab.

Note: Any OAuth 2.0 events that is selected by default. You cannot stop these changes from being tracked.
OAuth 2.0 eventsDefault setting
Invalid token requestsSelected
API requests with invalid client credentialsSelected
Token revocation from Rest APISelected
Regeneration of client secret from rule formSelected
Token revocation from rule formSelected
Delete client instance from rule formSelected
Dynamic client registrationSelected
Resource API invocation using invalid access tokenSelected

Custom events

You can toggle custom events ON and OFF.

You can define your own custom security events that you want to log.

For more information, see Tracking and auditing actions by developers and users.

  • Tracking and auditing changes to data

    Pega Platform maintains a historical record of changes to certain data classes and rule types. You can use this history to diagnose system issues and to demonstrate compliance to internal and external auditors.

  • Tracking and auditing actions by developers and users

    The security event configuration feature is part of security information and event management (SIEM), which combines security information management (SIM) and security event management (SEM). Use the Security Event Configuration landing page to configure the logging of security events so that you can diagnose system issues and demonstrate compliance to auditors.

  • Monitoring security alerts and events

    Pega Platform generates security alerts and events for situations such as attempts to hijack a user session. You can review the security alerts and events by viewing their respective logs.

  • Logging each use of harness and flow action rules

    Your application can create an audit record each time an operator requests either a harness form or a flow action.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us