private EventResult(DicomEventResult result)
{
_result = result;
}
/// <summary>
/// Generates a "User Authentication" login event in the audit log, according to DICOM Supplement 95,
/// and a "Security Alert" event if the operation failed.
/// </summary>
/// <param name="username">The username or asserted username of the account that was logged in.</param>
/// <param name="eventResult">The result of the operation.</param>
public static void LogLogin(string username, EventResult eventResult)
{
LogLogin(username, null, eventResult);
}
private EventResult(DicomEventResult result)
{
_result = result;
}
/// <summary>
/// Generates a "Dicom Study Deleted" event in the audit log, according to DICOM Supplement 95.
/// </summary>
/// <remarks>
/// This method automatically separates different patients into separately logged events, as required by DICOM.
/// </remarks>
/// <param name="aeTitle">The application entity from which the instances were deleted.</param>
/// <param name="instances">The studies that were deleted.</param>
/// <param name="eventSource">The source user or application entity which invoked the operation.</param>
/// <param name="eventResult">The result of the operation.</param>
public static void LogDeleteStudies(string aeTitle, AuditedInstances instances, EventSource eventSource, EventResult eventResult)
{
if (!AuditingEnabled)
{
return;
}
try
{
foreach (var patient in instances.EnumeratePatients())
{
var auditHelper = new DicomStudyDeletedAuditHelper(eventSource, eventResult);
auditHelper.AddUserParticipant(eventSource);
auditHelper.AddUserParticipant(new AuditProcessActiveParticipant(aeTitle));
auditHelper.AddPatientParticipantObject(patient);
foreach (var study in instances.EnumerateStudies(patient))
{
auditHelper.AddStudyParticipantObject(study);
}
Log(auditHelper);
}
}
catch (Exception ex)
{
Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
}
}
/// <summary>
/// Generates a "Dicom Instances Accessed" update event in the audit log (with ActionCode of Delete), according to DICOM Supplement 95.
/// </summary>
/// <remarks>
/// This method automatically separates different patients into separately logged events, as required by DICOM.
///
/// We chose to impleemnt the DicomInstancesAccessed audit log, as opposed to the DicomStudyDeleted audit message because the whole
/// study isn't being deleted, just a series.
/// </remarks>
/// <param name="aeTitles">The application entities from which the instances were accessed.</param>
/// <param name="instances">The studies that the series belong that are being deleted.</param>
/// <param name="eventSource">The source user or application entity which invoked the operation.</param>
/// <param name="eventResult">The result of the operation.</param>
public static void LogDeleteSeries(IEnumerable <string> aeTitles, AuditedInstances instances, EventSource eventSource, EventResult eventResult)
{
if (!AuditingEnabled)
{
return;
}
try
{
var aeTitlesArray = ToArray(aeTitles);
foreach (var patient in instances.EnumeratePatients())
{
var auditHelper = new DicomInstancesAccessedAuditHelper(eventSource, eventResult, EventIdentificationContentsEventActionCode.D);
auditHelper.AddUser(eventSource);
if (aeTitlesArray.Length > 0)
{
auditHelper.AddUser(new AuditProcessActiveParticipant(aeTitlesArray));
}
auditHelper.AddPatientParticipantObject(patient);
foreach (var study in instances.EnumerateStudies(patient))
{
auditHelper.AddStudyParticipantObject(study);
}
Log(auditHelper);
}
}
catch (Exception ex)
{
Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
}
}
/// <summary>
/// Generates a "DICOM Instances Transferred" received event in the audit log, according to DICOM Supplement 95.
/// </summary>
/// <remarks>
/// This method automatically separates different patients into separately logged events, as required by DICOM.
/// </remarks>
/// <param name="localAETitle">The local application entity to which the transfer was completed.</param>
/// <param name="remoteAETitle">The application entity from which the transfer was completed.</param>
/// <param name="remoteHostName">The hostname of the application entity from which the transfer was completed.</param>
/// <param name="instances">The studies that were transferred.</param>
/// <param name="eventSource">The source user or application entity which invoked the operation.</param>
/// <param name="eventResult">The result of the operation.</param>
/// <param name="action">The action taken on the studies that were transferred.</param>
public static void LogReceivedInstances(string localAETitle, string remoteAETitle, string remoteHostName, AuditedInstances instances, EventSource eventSource, EventResult eventResult, EventReceiptAction action)
{
if (!AuditingEnabled)
{
return;
}
try
{
foreach (var patient in instances.EnumeratePatients())
{
var auditHelper = new DicomInstancesTransferredAuditHelper(eventSource, eventResult, action,
remoteAETitle ?? localAETitle, remoteHostName ?? LocalHostname, localAETitle, LocalHostname);
foreach (var study in instances.EnumerateStudies(patient))
{
auditHelper.AddStudyParticipantObject(study);
}
Log(auditHelper);
}
}
catch (Exception ex)
{
Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
}
}
/// <summary>
/// Generates a "Data Export" event in the audit log, according to DICOM Supplement 95.
/// </summary>
/// <remarks>
/// One audit event is generated for each file system volume to which data is exported.
/// If the audited instances are not on a file system, a single event is generated with an empty media identifier.
/// </remarks>
/// <param name="instances">The files that were exported.</param>
/// <param name="eventSource">The source user or application entity which invoked the operation.</param>
/// <param name="currentAE">The current DICOM AE performing the operation.</param>
/// <param name="eventResult">The result of the operation.</param>
public static void LogExportStudies(AuditedInstances instances, EventSource eventSource, EventSource currentAE, EventResult eventResult)
{
if (!AuditingEnabled)
{
return;
}
try
{
var fileVolumes = new List <string>(instances.EnumerateFileVolumes());
if (fileVolumes.Count == 0)
{
fileVolumes.Add(string.Empty);
}
foreach (var volume in fileVolumes)
{
var auditHelper = new DataExportAuditHelper(eventSource, eventResult, volume);
auditHelper.AddExporter(eventSource);
if (eventSource != currentAE)
{
auditHelper.AddExporter(currentAE);
}
foreach (var patient in instances.EnumeratePatients())
{
auditHelper.AddPatientParticipantObject(patient);
}
foreach (var study in instances.EnumerateStudies())
{
auditHelper.AddStudyParticipantObject(study);
}
Log(auditHelper);
}
}
catch (Exception ex)
{
Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
}
}
/// <summary>
/// Generates an (issued) "Query" event in the audit log, according to DICOM Supplement 95.
/// </summary>
/// <param name="localAETitle">The local application entity making the query.</param>
/// <param name="remoteAETitle">The application entity on which the query is taking place.</param>
/// <param name="remoteHostName">The hostname of the application entity on which the query is taking place.</param>
/// <param name="eventSource">The source user or application entity which invoked the operation.</param>
/// <param name="currentAE">The current DICOM AE performing the operation.</param>
/// <param name="eventResult">The result of the operation.</param>
/// <param name="sopClassUid">The SOP Class Uid of the type of DICOM Query being issued</param>
/// <param name="ds">The dataset containing the DICOM query being issued</param>
public static void LogQueryIssued(string localAETitle, string remoteAETitle, string remoteHostName, EventSource eventSource, EventSource currentAE, EventResult eventResult, string sopClassUid, DicomAttributeCollection ds)
{
if (!AuditingEnabled)
{
return;
}
try
{
var auditHelper = new QueryAuditHelper(eventSource, eventResult,
localAETitle, LocalHostname, remoteAETitle ?? localAETitle,
remoteHostName ?? LocalHostname,
sopClassUid, ds);
if (eventSource != currentAE)
{
auditHelper.AddOtherParticipant(currentAE);
}
Log(auditHelper);
}
catch (Exception ex)
{
Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
}
}
/// <summary>
/// Generates a "User Authentication" logout event in the audit log, according to DICOM Supplement 95.
/// </summary>
/// <param name="username">The username or asserted username of the account that was logged out.</param>
/// <param name="authenticationServer">The authentication server against which the operation was performed.</param>
/// <param name="eventResult">The result of the operation.</param>
/// <param name="sessionId">The ID of the session that is being logged out.</param>
public static void LogLogout(string username, string sessionId, EventSource authenticationServer, EventResult eventResult)
{
if (!AuditingEnabled)
{
return;
}
try
{
var currentProcess = EventSource.GetUserEventSource(LocalHostname); // record that the current process is the one that identified the authentication event
var auditHelper = new UserAuthenticationAuditHelper(currentProcess, eventResult, UserAuthenticationEventType.Logout);
auditHelper.AddUserParticipant(new AuditPersonActiveParticipant(username, string.Empty, username));
if (authenticationServer != null)
{
auditHelper.AddNode(authenticationServer);
}
Log(auditHelper, username, sessionId);
}
catch (Exception ex)
{
Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
}
}
/// <summary>
/// Generates a "User Authentication" logout event in the audit log, according to DICOM Supplement 95.
/// </summary>
/// <param name="username">The username or asserted username of the account that was logged out.</param>
/// <param name="eventResult">The result of the operation.</param>
/// <param name="sessionId">The ID of the session that is being logged out.</param>
public static void LogLogout(string username, string sessionId, EventResult eventResult)
{
LogLogout(username, sessionId, null, eventResult);
}
/// <summary>
/// Generates a (received) "Query" event in the audit log, according to DICOM Supplement 95.
/// </summary>
/// <param name="localAETitle">The local application entity receiving the query.</param>
/// <param name="remoteAETitle">The application entity that issued the query.</param>
/// <param name="remoteHostName">The hostname of the application entity that issued the query.</param>
/// <param name="currentAE">The current DICOM AE performing the operation.</param>
/// <param name="eventResult">The result of the operation.</param>
/// <param name="sopClassUid">The SOP Class Uid of the type of DICOM Query being received.</param>
/// <param name="ds">The dataset containing the DICOM query received.</param>
public static void LogQueryReceived(string localAETitle, string remoteAETitle, string remoteHostName, EventSource currentAE, EventResult eventResult, string sopClassUid, DicomAttributeCollection ds)
{
if (!AuditingEnabled)
return;
try
{
var auditHelper = new QueryAuditHelper(currentAE, eventResult,
remoteAETitle ?? localAETitle, remoteHostName ?? LocalHostname, localAETitle, LocalHostname,
sopClassUid, ds);
Log(auditHelper);
}
catch (Exception ex)
{
Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
}
}
/// <summary>
/// Generates a "User Authentication" login event in the audit log, according to DICOM Supplement 95,
/// and a "Security Alert" event if the operation failed.
/// </summary>
/// <param name="username">The username or asserted username of the account that was logged in.</param>
/// <param name="authenticationServer">The authentication server against which the operation was performed.</param>
/// <param name="eventResult">The result of the operation.</param>
public static void LogLogin(string username, EventSource authenticationServer, EventResult eventResult)
{
if (!AuditingEnabled)
return;
try
{
var currentProcess = EventSource.GetUserEventSource(LocalHostname); // record that the current process is the one that identified the authentication event
var auditHelper = new UserAuthenticationAuditHelper(currentProcess, eventResult, UserAuthenticationEventType.Login);
auditHelper.AddUserParticipant(new AuditPersonActiveParticipant(username, string.Empty, username));
if (authenticationServer != null)
auditHelper.AddNode(authenticationServer);
Log(auditHelper);
if (eventResult != EventResult.Success)
{
var alertAuditHelper = new SecurityAlertAuditHelper(currentProcess, eventResult, SecurityAlertEventTypeCodeEnum.NodeAuthentication);
alertAuditHelper.AddReportingUser(currentProcess);
alertAuditHelper.AddActiveParticipant(new AuditPersonActiveParticipant(username, string.Empty, username));
Log(alertAuditHelper);
}
}
catch (Exception ex)
{
Platform.Log(LogLevel.Warn, ex, _messageAuditFailed);
}
}
