public Audit(AuditCode code, AuditSeverity severity, string itemId, string message) { this.Code = code; this.Severity = severity; this.ItemId = itemId; this.Message = message; }
/// <summary> /// Audits the generic error. /// </summary> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="eventIdentifierType">Type of the event identifier.</param> /// <param name="exception">The exception.</param> public override void AuditGenericError(OutcomeIndicator outcomeIndicator, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, Exception exception) { var audit = this.CreateBaseAudit(ActionType.Execute, eventTypeCode, eventIdentifierType, outcomeIndicator); audit.AuditableObjects.Add(new AuditableObject { IDTypeCode = AuditableObjectIdType.Uri, ObjectId = this.Context.Request.Url.ToString(), Role = AuditableObjectRole.Resource, Type = AuditableObjectType.SystemObject }); if (exception != null) { var auditableObject = new AuditableObject { IDTypeCode = AuditableObjectIdType.Custom, ObjectId = exception.GetHashCode().ToString(), Role = AuditableObjectRole.Resource, Type = AuditableObjectType.Other }; auditableObject.ObjectData.Add(new ObjectDataExtension(exception.GetType().Name, ObjectToByteArray(new Error(exception)))); audit.AuditableObjects.Add(auditableObject); } AuditService.SendAudit(audit); }
/// <summary> /// Creates the base audit. /// </summary> /// <param name="actionType">Type of the action.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="eventIdentifierType">Type of the event identifier.</param> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <returns>Returns the created base audit data.</returns> protected virtual AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator) { var audit = CreateBaseAudit(actionType, eventTypeCode, eventIdentifierType); audit.Outcome = outcomeIndicator; return(audit); }
/// <summary> /// Map or create a simple code /// </summary> private static AuditTerm MapOrCreateCode(AuditCode code) { if (code == null) { return(null); } return(MapOrCreateCode(new CodeValue <String>(code.Code, code.CodeSystem, code.DisplayName))); }
public void Audit(AuditCode auditCode, string description) { this.Audits.Add(new Audit() { EntityId = auditCode.GetHashCode(), AffectedId = this.Id, NewValue = description }); }
/// <summary> /// Audit the export of data /// </summary> public static void AuditDataExport() { AuditCode eventTypeId = CreateAuditActionCode(EventTypeCodes.Export); AuditData audit = new AuditData(DateTime.Now, ActionType.Execute, OutcomeIndicator.Success, EventIdentifierType.SecurityAlert, eventTypeId); AddDeviceActor(audit); AddUserActor(audit); SendAudit(audit); }
/// <summary> /// Creates the base audit. /// </summary> /// <param name="actionType">Type of the action.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="eventIdentifierType">Type of the event identifier.</param> /// <returns>Returns the created base audit data.</returns> protected virtual AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType) { return(new AuditData { ActionCode = actionType, CorrelationToken = Guid.NewGuid(), EventTypeCode = eventTypeCode, EventIdentifier = eventIdentifierType, Timestamp = DateTime.Now }); }
/// <summary> /// Get or create audit code /// </summary> private DbAuditCode GetOrCreateAuditCode(DataContext context, AuditCode messageCode) { if (messageCode == null) { return(null); } // Try to get from database lock (this.m_lockBox) { var retVal = context.FirstOrDefault <DbAuditCode>(o => o.Code == messageCode.Code && o.CodeSystem == messageCode.CodeSystem); if (retVal == null) { Guid codeId = Guid.NewGuid(); retVal = context.Insert(new DbAuditCode() { Code = messageCode.Code, CodeSystem = messageCode.CodeSystem, Key = codeId }); } return(retVal); } }
/// <summary> /// Get or create audit code /// </summary> private DbAuditCode GetOrCreateAuditCode(LockableSQLiteConnection context, AuditCode messageCode) { if (messageCode == null) { return(null); } var existing = context.Table <DbAuditCode>().Where(o => o.Code == messageCode.Code && o.CodeSystem == messageCode.CodeSystem).FirstOrDefault(); if (existing == null) { byte[] codeId = Guid.NewGuid().ToByteArray(); var retVal = new DbAuditCode() { Code = messageCode.Code, CodeSystem = messageCode.CodeSystem, Id = codeId }; context.Insert(retVal); return(retVal); } else { return(existing); } }
/// <summary> /// Autility utility which can be used to send a data audit /// </summary> public static void AuditDataAction <TData>(EventTypeCodes typeCode, ActionType action, AuditableObjectLifecycle lifecycle, EventIdentifierType eventType, OutcomeIndicator outcome, String queryPerformed, params TData[] data) where TData : IdentifiedData { traceSource.TraceVerbose("Create AuditDataAction audit"); AuditCode eventTypeId = CreateAuditActionCode(typeCode); AuditData audit = new AuditData(DateTime.Now, action, outcome, eventType, eventTypeId); AddDeviceActor(audit); AddUserActor(audit); AddSenderDeviceActor(audit); // Objects //audit.AuditableObjects = data.Select(o => //{ // var idTypeCode = AuditableObjectIdType.Custom; // var roleCode = AuditableObjectRole.Resource; // var objType = AuditableObjectType.Other; // if (o is Patient) // { // idTypeCode = AuditableObjectIdType.PatientNumber; // roleCode = AuditableObjectRole.Patient; // objType = AuditableObjectType.Person; // } // else if (o is UserEntity || o is Provider) // { // idTypeCode = AuditableObjectIdType.UserIdentifier; // objType = AuditableObjectType.Person; // roleCode = AuditableObjectRole.Provider; // } // else if (o is Entity) // idTypeCode = AuditableObjectIdType.EnrolleeNumber; // else if (o is Act) // { // idTypeCode = AuditableObjectIdType.EncounterNumber; // roleCode = AuditableObjectRole.Report; // } // else if (o is SecurityUser) // { // idTypeCode = AuditableObjectIdType.UserIdentifier; // roleCode = AuditableObjectRole.SecurityUser; // objType = AuditableObjectType.SystemObject; // } // return new AuditableObject() // { // IDTypeCode = idTypeCode, // CustomIdTypeCode = idTypeCode == AuditableObjectIdType.Custom ? new AuditCode(o.GetType().Name, "OpenIZTable") : null, // LifecycleType = lifecycle, // ObjectId = o.Key?.ToString(), // Role = roleCode, // Type = objType // }; //}).ToList(); // Query performed if (!String.IsNullOrEmpty(queryPerformed)) { audit.AuditableObjects.Add(new AuditableObject() { IDTypeCode = AuditableObjectIdType.SearchCritereon, LifecycleType = AuditableObjectLifecycle.Access, QueryData = queryPerformed, Role = AuditableObjectRole.Query, Type = AuditableObjectType.SystemObject }); } SendAudit(audit); }
/// <summary> /// A utility which can be used to send a data audit /// </summary> public static void AuditDataAction <TData>(EventTypeCodes typeCode, ActionType action, AuditableObjectLifecycle lifecycle, EventIdentifierType eventType, OutcomeIndicator outcome, String queryPerformed, params TData[] data) where TData : IdentifiedData { AuditCode eventTypeId = CreateAuditActionCode(typeCode); AuditData audit = new AuditData(DateTime.Now, action, outcome, eventType, eventTypeId); AddDeviceActor(audit); AddUserActor(audit); // Objects audit.AuditableObjects = data.Select(o => { var idTypeCode = AuditableObjectIdType.Custom; var roleCode = AuditableObjectRole.Resource; var objType = AuditableObjectType.Other; if (o is Patient) { idTypeCode = AuditableObjectIdType.PatientNumber; roleCode = AuditableObjectRole.Patient; objType = AuditableObjectType.Person; } else if (o is UserEntity || o is Provider) { idTypeCode = AuditableObjectIdType.UserIdentifier; objType = AuditableObjectType.Person; roleCode = AuditableObjectRole.Provider; } else if (o is Entity) { idTypeCode = AuditableObjectIdType.EnrolleeNumber; } else if (o is Act) { idTypeCode = AuditableObjectIdType.EncounterNumber; roleCode = AuditableObjectRole.Report; } else if (o is SecurityUser) { idTypeCode = AuditableObjectIdType.UserIdentifier; roleCode = AuditableObjectRole.SecurityUser; objType = AuditableObjectType.SystemObject; } return(new AuditableObject() { IDTypeCode = idTypeCode, CustomIdTypeCode = idTypeCode == AuditableObjectIdType.Custom ? new AuditCode(o.GetType().Name, "OpenIZTable") : null, LifecycleType = lifecycle, ObjectId = o.Key?.ToString(), Role = roleCode, Type = objType }); }).ToList(); // Query performed if (!String.IsNullOrEmpty(queryPerformed)) { audit.AuditableObjects.Add(new AuditableObject() { IDTypeCode = AuditableObjectIdType.SearchCritereon, LifecycleType = AuditableObjectLifecycle.Access, ObjectId = typeof(TData).Name, QueryData = queryPerformed, Role = AuditableObjectRole.Query, Type = AuditableObjectType.SystemObject }); } AddAncillaryObject(audit); SendAudit(audit); }
/// <summary> /// Audits the generic error. /// </summary> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="eventIdentifierType">Type of the event identifier.</param> /// <param name="exception">The exception.</param> public abstract void AuditGenericError(OutcomeIndicator outcomeIndicator, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, Exception exception);
/// <summary> /// Creates the base audit. /// </summary> /// <param name="actionType">Type of the action.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="eventIdentifierType">Type of the event identifier.</param> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <returns>Returns the created base audit data.</returns> protected override AuditData CreateBaseAudit(ActionType actionType, AuditCode eventTypeCode, EventIdentifierType eventIdentifierType, OutcomeIndicator outcomeIndicator) { var audit = base.CreateBaseAudit(actionType, eventTypeCode, eventIdentifierType, outcomeIndicator); var remoteIp = GetLocalIPAddress(); try { // attempt to get the remote IP address remoteIp = this.Context.Request.ServerVariables["REMOTE_ADDR"]; } catch (Exception e) { Trace.TraceError($"Unable to retrieve remote IP address for auditing purposes: {e}"); } var userIdentifier = string.Empty; try { userIdentifier = this.Context.Request.Url.Host; } catch (Exception e) { Trace.TraceError($"Unable to retrieve request host URL for auditing purposes: {e}"); } // add the receiver audit.Actors.Add(new AuditActorData { UserName = Environment.UserName, UserIdentifier = userIdentifier, NetworkAccessPointId = Dns.GetHostName(), NetworkAccessPointType = NetworkAccessPointType.MachineName, AlternativeUserId = Process.GetCurrentProcess().Id.ToString(), ActorRoleCode = new List <AuditCode> { new AuditCode("110152", "DCM") } }); // add the sender audit.Actors.Add(new AuditActorData { UserIdentifier = remoteIp, NetworkAccessPointId = remoteIp, NetworkAccessPointType = NetworkAccessPointType.IPAddress, ActorRoleCode = new List <AuditCode> { new AuditCode("110153", "DCM") }, UserIsRequestor = true }); // add the user if this is an authenticated request if (this.Context.User?.Identity?.IsAuthenticated == true) { audit.Actors.Add(new AuditActorData { UserIdentifier = this.Context.User.Identity.Name, UserIsRequestor = true, NetworkAccessPointId = remoteIp, NetworkAccessPointType = NetworkAccessPointType.IPAddress, ActorRoleCode = new List <AuditCode> { new AuditCode("6", "AuditableObjectRole") } }); } else { // add the anonymous actor if the request isn't authenticated audit.Actors.Add(new AuditActorData { UserIdentifier = "Anonymous", UserIsRequestor = true, NetworkAccessPointId = remoteIp, NetworkAccessPointType = NetworkAccessPointType.IPAddress, ActorRoleCode = new List <AuditCode> { new AuditCode("6", "AuditableObjectRole") } }); } try { if (outcomeIndicator != OutcomeIndicator.Success) { // add the object detail using (var memoryStream = new MemoryStream()) { var detail = new ObjectDataExtension { Key = "HTTPMessage" }; using (var streamWriter = new StreamWriter(memoryStream, Encoding.UTF8)) { streamWriter.WriteLine("<?xml version=\"1.0\"?><Request><![CDATA["); streamWriter.WriteLine("{0} {1} HTTP/1.1", this.Context.Request.HttpMethod, this.Context.Request.Url); for (var i = 0; i < this.Context.Request.Headers.Keys.Count; i++) { streamWriter.WriteLine("{0} : {1}", this.Context.Request.Headers.Keys[i], this.Context.Request.Headers[i]); } // Only output if request is not sensitive if (!this.IsRequestSensitive) { using (var sr = new StreamReader(this.Context.Request.InputStream)) { streamWriter.WriteLine("\r\n{0}", sr.ReadToEnd()); } } else { streamWriter.WriteLine("*********** SENSITIVE REQUEST REDACTED ***********"); } streamWriter.WriteLine("]]></Request>"); streamWriter.Flush(); detail.Value = memoryStream.GetBuffer().Take((int)memoryStream.Length).ToArray(); } var auditableObject = new AuditableObject { IDTypeCode = AuditableObjectIdType.Uri, ObjectId = this.Context.Request.Url.ToString(), Role = AuditableObjectRole.Query, Type = AuditableObjectType.SystemObject }; auditableObject.ObjectData.Add(detail); audit.AuditableObjects.Add(auditableObject); } } } catch (Exception e) { Trace.TraceError($"Unable to add object detail to audit message: {e}"); } return(audit); }
/// <summary> /// Creates the security resource delete audit. /// </summary> /// <param name="securityEntity">The security entity.</param> /// <param name="eventTypeCode">The event type code.</param> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <returns>Returns the created audit.</returns> protected virtual AuditData CreateSecurityResourceDeleteAudit(T securityEntity, AuditCode eventTypeCode, OutcomeIndicator outcomeIndicator) { var audit = this.CreateBaseAudit(ActionType.Delete, eventTypeCode, EventIdentifierType.ApplicationActivity, outcomeIndicator); if (typeof(T) == typeof(SecurityUser)) { audit.AuditableObjects.Add(this.CreateBaseAuditableObject(AuditableObjectIdType.UserIdentifier, AuditableObjectLifecycle.LogicalDeletion, securityEntity.Key.ToString(), AuditableObjectRole.SecurityUser, AuditableObjectType.Person)); } else if (typeof(T) == typeof(SecurityRole)) { audit.AuditableObjects.Add(this.CreateBaseAuditableObject(AuditableObjectIdType.UserIdentifier, AuditableObjectLifecycle.LogicalDeletion, securityEntity.Key.ToString(), AuditableObjectRole.SecurityGroup, AuditableObjectType.Other)); } else { audit.AuditableObjects.Add(this.CreateBaseAuditableObject(AuditableObjectIdType.UserIdentifier, AuditableObjectLifecycle.LogicalDeletion, securityEntity.Key.ToString(), AuditableObjectRole.SecurityResource, AuditableObjectType.Other)); } return(audit); }
/// <summary> /// Creates the security resource query audit. /// </summary> /// <param name="eventTypeCode">The event type code.</param> /// <param name="outcomeIndicator">The outcome indicator.</param> /// <returns>Returns the created audit.</returns> protected virtual AuditData CreateSecurityResourceQueryAudit(AuditCode eventTypeCode, OutcomeIndicator outcomeIndicator) { return(this.CreateBaseAudit(ActionType.Read, eventTypeCode, EventIdentifierType.ApplicationActivity, outcomeIndicator)); }