Auditing
With Pega Platform, you can track many types of security events, such as failed logins and password changes, in addition to many other types of security events and changes to rules and data. By tracking these changes, you can understand how your system functions and detect any potential problems.
Features for system auditing
Pega Platform provides comprehensive security information and event management (SIEM) features to:
- Monitor all security-related activity in the system.
- Create reports that analyze patterns of system usage.
- Identify patterns of suspicious behavior.
- Determine the scope of the damage if any vulnerabilities are exploited.
Data auditing
The Pega Platform History- class supports auditing by capturing all data changes in rules and cases. The History- class automatically captures the following updates:
- For rules and cases: changes to the operator ID, including a time stamp for the change
- For standard properties: any changes to field-level tracking
Audit user and developer actions
In addition to tracking data changes in rules and cases, you can audit user and developer actions that might affect the security of your application. This information might potentially indicate suspicious behavior by any developer or user. You can audit the following event types:
- Authentication events
- Successful and failed login attempts
- Password changes
- Session terminations
- Logouts
- Changes to operator records
- Data access events
- Successful attempts to open cases
- Attempts to open cases if the attempt fails because of security policies
- SQL queries to the database
- Changes to report filters
- Full-text searches
- Security administration events
- Changes to security authentication policies
- Changes to attribute-based access control (ABAC) policies and policy conditions (all changes are registered)
- Changes to role-based access control (RBAC), including changes to Rule-Access-Role-Obj (RARO) rules
- Changes to dynamic system settings (DSS)
- Changes to content security policies (CSP)
- Changes to access groups
- Changes to work queues
- Invocations of Access Manager
In addition, you can define your own custom security events that you want to be logged.
For more information, see Tracking and auditing actions by developers and users.