How to fix SECU0001 Alerts in PDC/Pega 8.4.2

We are seeing a lot of SECU0001 alerts in production. This is happening for multiple applications. Most of them are showing OOTB activities in the Splunk Logs.

ReloadSection @baseclass

pzUpdateClipboardModels @baseclass

DOCLOSE @Work

Is there any way we can fix these alerts? Is it okay to suppress these alerts?

@KranthiAnnavarapu a similar question was answered here. Main documentation: SECU0001 alert: Unexpected properties received in HTTP request

Currently, up to the 8.4.3 release, the BAC functionality (the mechanism used by the SECU alerts) is actually a preview feature which is intended only to alert.

However, a defect in Pega code is causing OOTB components to falsely log SECU0019 alerts. It does cause inconvenience, but it is very important to understand that those are not a vulnerability, just a false positive triggered by the bug.

This defect is addressed in version 8.5 (which is already available), and the current situation on 8.4 brings no security risks related to the scenario covered by SECU0019, and 8.4.4 suppresses the false entries by default.

You may wish to test your scenario in the latest 8.4 patch (or better yet, update to a version that is not in Extended support).

If you require further help, we would need to understand the harness/section the user was on when the alert is generated. It might be an idea to log a support incident, for which you can first capture the Fiddler trace to identify the section and check for hidden controls.

Until the upgrade to 8.4.4 you can use the workaround listed here: