Auditing

With Pega Platform, you can track many types of security events, such as failed logins and password changes, as well as changes to rules and data. By tracking these events and changes, you can understand how your system functions and detect potential problems.

Features for system auditing

Pega Platform provides comprehensive security information and event management (SIEM) features to:

  • Monitor all security-related activity in the system.
  • Create reports that analyze patterns of system usage.
  • Identify patterns of suspicious behavior.
  • Determine the scope of the damage if any vulnerabilities are exploited.

Data auditing

The Pega Platform History- class supports auditing by capturing all data changes in rules and cases. The History- class automatically captures the following updates:

  • For rules and cases: changes to the operator ID, including a time stamp for the change
  • For standard properties: any changes to field-level tracking

Audit user and developer actions

In addition to tracking data changes in rules and cases, you can audit user and developer actions that might affect the security of your application. This information might indicate suspicious behavior by a developer or user. You can audit the following event types:

  • Authentication events
    • Successful and failed login attempts
    • Password changes
    • Session terminations
    • Logouts
    • Changes to operator records
  • Data access events
    • Successful attempts to open cases
    • Failed attempts to open cases, when the failure is caused by security policies
    • SQL queries to the database
    • Changes to report filters
    • Full-text searches
  • Security administration events
    • Changes to security authentication policies
    • Changes to attribute-based access control (ABAC) policies and policy conditions (all changes are registered)
    • Changes to role-based access control (RBAC), including changes to Rule-Access-Role-Obj (RARO) rules
    • Changes to dynamic system settings (DSS)
    • Changes to content security policies (CSP)
    • Changes to access groups
    • Changes to work queues
    • Invocations of Access Manager

In addition, you can define custom security events to be logged.

For more information, see Tracking and auditing actions by developers and users.
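
The event categories listed above can drive simple triage rules once audit records are exported for analysis. The following is an added example, not Pega Platform code: the record layout, category names, event names, and thresholds are all assumptions made for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (timestamp, category, event, outcome, operator).
# Field names and values are hypothetical, not Pega Platform's log schema.
EVENTS = [
    ("2024-05-01T08:59:00", "authentication", "login", "fail", "user.bob"),
    ("2024-05-01T09:00:01", "authentication", "login", "fail", "dev.alice"),
    ("2024-05-01T09:00:20", "authentication", "login", "fail", "dev.alice"),
    ("2024-05-01T09:00:41", "authentication", "login", "fail", "dev.alice"),
    ("2024-05-01T09:01:05", "authentication", "login", "success", "dev.alice"),
    ("2024-05-01T09:02:00", "authentication", "login", "success", "user.bob"),
    ("2024-05-01T09:03:00", "data_access", "case_open", "denied", "user.bob"),
    ("2024-05-01T09:10:00", "security_admin", "access_group_change", "success", "dev.alice"),
    ("2024-05-01T10:00:00", "security_admin", "csp_change", "success", "sec.carol"),
]

def triage(events, max_fails=3, window=timedelta(minutes=5),
           follow=timedelta(minutes=30)):
    """Return findings as (rule, operator, timestamp) tuples, oldest first."""
    findings = []
    fails = defaultdict(list)   # operator -> failed-login times inside window
    suspect = {}                # operator -> time of login that followed a burst
    for ts, category, event, outcome, op in sorted(events):
        t = datetime.fromisoformat(ts)
        if category == "authentication" and event == "login":
            recent = [x for x in fails[op] if t - x <= window]
            if outcome == "fail":
                fails[op] = recent + [t]
                continue
            if len(recent) >= max_fails:
                # Success right after repeated failures: possible guessed password.
                findings.append(("login_after_failed_burst", op, ts))
                suspect[op] = t
            fails[op] = []
        elif category == "data_access" and event == "case_open" and outcome == "denied":
            # Open attempt blocked by a security policy.
            findings.append(("case_open_denied_by_policy", op, ts))
        elif category == "security_admin" and op in suspect:
            # Access-control or policy change soon after a suspicious login.
            if t - suspect[op] <= follow:
                findings.append(("admin_change_after_suspect_login", op, ts))
    return findings

if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

The single failed login by user.bob and the routine policy change by sec.carol produce no findings; only the burst-then-success sequence, the policy-denied case open, and the follow-on access group change are reported.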