Question
United health group
IN
Last activity: 5 Nov 2015 14:08 EST
How to LOG URL modifications?
Hi Team,
If an operator modifies the pega url and tries to access unauthorized data I should log that attempt.
Can you please suggest
Pegasystems Inc.
US
if you are accessing pega through a web server, the access log should already have that with an error code (e.g., 401). In the meantime, pega system logs should show error/exception as well. Is this for troubleshooting or for production environment?
Updated: 24 Sep 2015 10:04 EDT
Your question should be about how to prevent and not just print log alert pertaining to a malicious hack. URL modification is one way of hack and can be avoided by turning on urlencryption. But there are other changes you can do within the application that will prevent such attacks. I suggest you reach out to your security team and have them generate a vulnerability report for your specific app. Then submit it to Pega via an SR to get recommendations specific to the PRPC version and the application built in it.
United health group
IN
My requirement is when an unauthroised user attempts to access a rule , I will have to log a message for security reasons.
So when a person attempts like this , I will find a Log under Pega logs so based on that log I have to trigger some activity or DB trigger to place a log in my RDB table.
Please suggest me.
Thanks in advance.
What you need is a security audit framework within Pega and I am not sure if this exists. Talk to your AE and submit and enhancement request with our PO.
Marty Solomon do you have other thoughts?
Updated: 5 Nov 2015 14:08 EST
Rules Cube Inc.
CA
HI Pavani,
You need to override some ootb activities, Please refer to this post ***INTERNAL LINK REMOVED BY MODERATOR*** and see the comment made by Phani sahukaru.
Thanks
Regards
Venkatesh G
Pegasystems Inc.
IN
please refer: Re: How to revoke login password of an Operator if failed login attempts exceed a given threshold value
RULE-OBJ-LISTVIEW LOG-SECURITYAUDIT LISTOFLOGINFAILURES!ALL