Question
TATA Consultancy Services Ltd.
IN
Last activity: 24 May 2022 6:06 EDT
Issues during suppressing the ParameterPage values for PEGA0001 alert log
Issues during suppressing/masking the ParameterPage values for PEGA0001 alert log entries
I have tried with creating DSS for alerts/general/includeparameterpage and set the value to false. And, did a server restart post that.
But, still parameter page data is reflecting into the alert log.
Can you please let me know what changes to be done to make that work.
***Edited by Moderator Marije to amend Product Version***
***Edited by Moderator Marije to add BUG***
***Edited by Moderator Marije to add Support Case Details***
***Edited by Moderator Marije to add EPIC***
Accepted Solution
Updated: 24 May 2022 6:06 EDT
Pegasystems Inc.
GB
@ANIRBANDATTA no hotfix was built for GA 6.3 For Pega 6.3 SP1 I was able to find HFIX-46604 (BUG-391862).
As 6.3 is now out of support / extended support we cannot create a hotfix for you for that version.
If you decide to install 6.3 SP1 then you can log a support ticket to request the hotfix.
1. Take a backup of your database before installing hotfixes.
2. Using Update Manager, install DL-XXXXX.zip
3. Make sure you have configured the DSS setting owning ruleset:
Pega-Engine, setting purpose: prconfig/alerts/general/includeparameterpage/default, with a value of false
4. Stop your PRPC instances
5. Remove the PegaRULES_Extract_Marker.txt file and re-start the server.
6. Validate that you are no longer seeing the parameter page in the PEGA0001 alerts
We will recommend you to upgrade to recent versions of Pega as they offer more granular approach to obsfuscate sensitive information.
TATA Consultancy Services Ltd.
IN
Can anybody let me know the solution.
Please, also let me know what syntax to follow to set value for PRConfig through DSS.
Updated: 20 May 2022 5:41 EDT
Pegasystems Inc.
GB
@ANIRBANDATTA can you give us the exact version of PRPC 6.2 that you have installed?
Did you check other forum posts such these ones?
Can ParameterPage values be supressed for PEGA0001 alert log entries?
Issues during suppressing/masking the ParameterPage values for PEGA0001 alert log entries
Suppress parameters in the alert event (Support article SA-9328)
I was not able to find the option to add these as DSS.
Add the following setting to prconfig.xml to suppress the sensitive property values:
<env name="alerts/database/operationTimeThreshold/suppressInserts" value="true" />
This setting will suppress the sensitive property values (and replace them with question marks).
To suppress information in parameters, add the following setting to prconfig.xml:
<env name="alerts/general/includeparameterpage" value="false" />
This setting determines if the parameter page of the top-most stackframe will be included in the ALERT log when the alert is generated.
@ANIRBANDATTA can you give us the exact version of PRPC 6.2 that you have installed?
Did you check other forum posts such these ones?
Can ParameterPage values be supressed for PEGA0001 alert log entries?
Issues during suppressing/masking the ParameterPage values for PEGA0001 alert log entries
Suppress parameters in the alert event (Support article SA-9328)
I was not able to find the option to add these as DSS.
Add the following setting to prconfig.xml to suppress the sensitive property values:
<env name="alerts/database/operationTimeThreshold/suppressInserts" value="true" />
This setting will suppress the sensitive property values (and replace them with question marks).
To suppress information in parameters, add the following setting to prconfig.xml:
<env name="alerts/general/includeparameterpage" value="false" />
This setting determines if the parameter page of the top-most stackframe will be included in the ALERT log when the alert is generated.
Re-start the server after changes made.
the DSS prconfig/alerts/parameterpage/remoteFilterType/default should be set to "obfuscate". The default value is "allowed"
If you are on Pega 6.2. SP2 we recommend that you request HFIX-21245 for 6.2 SP1 it is HFix-5683 (for 7.2 HFIX-66817 )
updates to allow the following DSS settings to work to either suppress the parameters on the alert: Pega-Engine
prconfig/alerts/general/includeparameterpage/default with a value of "false" or to filter on specific keywords (AccountNumber;SSN; below):
Pega-Engine prconfig/alerts/parameterpage/remoteFilterType/default with a value of "obfuscate"
Pega-Engine prconfig/alerts/parameterpage/obfuscateKeywords/default with a value of the property name(s) separated by semicolon. ex. AccountNumber;SSN;
To suppress sensitive property values, add the following setting to prconfig.xml:
<env name="alerts/database/operationTimeThreshold/suppressInserts" value="true" /> This setting will suppress the sensitive property values (and replace them with question marks). To suppress information in parameters, please add the following setting to prconfig.xml:
<env name="alerts/general/includeparameterpage" value="false" /> This setting determines whether the parameter page of the topmost stackframe will be included in the ALERT log when the alert is generated. We will recommend you to upgrade to recent versions of Pega as they offer more granular approach to obsfuscate sensitive information.
From Pega 8.1 the white list using allowed keywords of the parameter page will be the default for both the file system and PDC/AES.
This will resolve the security issue of data in the filesystem for alerts. There are also hotfixes available to make white list the only option for the filesystem.
TATA Consultancy Services Ltd.
IN
@MarijeSchillernActually, I did wrongly specify 6.2. Its 6.3 actually. Can you please specify necessary HFIX for 6.3 version.
Accepted Solution
Updated: 24 May 2022 6:06 EDT
Pegasystems Inc.
GB
@ANIRBANDATTA no hotfix was built for GA 6.3 For Pega 6.3 SP1 I was able to find HFIX-46604 (BUG-391862).
As 6.3 is now out of support / extended support we cannot create a hotfix for you for that version.
If you decide to install 6.3 SP1 then you can log a support ticket to request the hotfix.
1. Take a backup of your database before installing hotfixes.
2. Using Update Manager, install DL-XXXXX.zip
3. Make sure you have configured the DSS setting owning ruleset:
Pega-Engine, setting purpose: prconfig/alerts/general/includeparameterpage/default, with a value of false
4. Stop your PRPC instances
5. Remove the PegaRULES_Extract_Marker.txt file and re-start the server.
6. Validate that you are no longer seeing the parameter page in the PEGA0001 alerts
We will recommend you to upgrade to recent versions of Pega as they offer more granular approach to obsfuscate sensitive information.
TATA Consultancy Services Ltd.
IN
@MarijeSchillern Thanks for the input. One quick question - An SR was also raised on this and got the reply there to use property encryption feature. Can you please let me know the steps to implement property encryption feature.
Updated: 23 May 2022 6:04 EDT
Pegasystems Inc.
GB
@ANIRBANDATTA please provide the incident ID.
You should be able to direct your question to the engineer who worked with you on this.
Also I believe the link I provided earlier contains details about obfuscation.
TATA Consultancy Services Ltd.
IN
Thanks for your quick response.
Our application is being upgraded to 8.5.3. Since, same issue exists there as well, INC-225299 was raised for that and got the reply as stated before.
However, issue came up first in current version 6.3 SP1. And, we tried obfuscation before but that didn't work. Will it also need HotFix (HFIX-46604) installation?
Is there any other way of property encryption?
Also, is there any HotFix for 8.5.3 version?
Pegasystems Inc.
GB
@ANIRBANDATTA HFIX-46604 is for 6.3 sp1 and that has been fixed in later releases ( BUG-311806 , BUG-599213 and fixed in 7.3.1 via BUG-311806 ).
Please continue working with the engineer dealing with INC-225299 as my research shows that this issue should not be occuring in 8.5.3 as long as you have set the DSS as per the documents I provided earlier.
As this question was for PRPC 6.3 could I ask that you mark a solution as accepted if you no longer wish to discuss the 6.3 installation?