16#ifndef PACS_SECURITY_ATNA_AUDIT_LOGGER_HPP
17#define PACS_SECURITY_ATNA_AUDIT_LOGGER_HPP
269namespace atna_event_ids {
273 "110100",
"DCM",
"Application Activity"};
277 "110101",
"DCM",
"Audit Log Used"};
281 "110102",
"DCM",
"Begin Transferring DICOM Instances"};
285 "110103",
"DCM",
"DICOM Instances Accessed"};
289 "110104",
"DCM",
"DICOM Instances Transferred"};
293 "110105",
"DCM",
"DICOM Study Deleted"};
297 "110106",
"DCM",
"Export"};
301 "110107",
"DCM",
"Import"};
305 "110108",
"DCM",
"Network Entry"};
309 "110109",
"DCM",
"Order Record"};
313 "110110",
"DCM",
"Patient Record"};
317 "110111",
"DCM",
"Procedure Record"};
321 "110112",
"DCM",
"Query"};
325 "110113",
"DCM",
"Security Alert"};
329 "110114",
"DCM",
"User Authentication"};
337namespace atna_event_types {
341 "110120",
"DCM",
"Application Start"};
345 "110121",
"DCM",
"Application Stop"};
349 "110122",
"DCM",
"Login"};
353 "110123",
"DCM",
"Logout"};
361namespace atna_role_ids {
365 "110150",
"DCM",
"Application"};
369 "110151",
"DCM",
"Application Launcher"};
373 "110152",
"DCM",
"Destination Role ID"};
377 "110153",
"DCM",
"Source Role ID"};
381 "110154",
"DCM",
"Destination Media"};
385 "110155",
"DCM",
"Source Media"};
393namespace atna_object_id_types {
397 "2",
"RFC-3881",
"Patient Number"};
401 "110180",
"DCM",
"Study Instance UID"};
405 "110181",
"DCM",
"SOP Class UID"};
409 "110182",
"DCM",
"Node ID"};
451 const std::string& source_id,
452 const std::string& app_name,
468 const std::string& source_id,
469 const std::string& user_id,
470 const std::string& user_ip,
471 const std::string& study_uid,
472 const std::string& patient_id =
"",
490 const std::string& source_id,
491 const std::string& source_ae,
492 const std::string& source_ip,
493 const std::string& dest_ae,
494 const std::string& dest_ip,
495 const std::string& study_uid,
496 const std::string& patient_id =
"",
497 bool is_import =
true,
512 const std::string& source_id,
513 const std::string& user_id,
514 const std::string& user_ip,
515 const std::string& study_uid,
516 const std::string& patient_id =
"",
530 const std::string& source_id,
531 const std::string& user_id,
532 const std::string& user_ip,
533 const std::string& alert_description,
547 const std::string& source_id,
548 const std::string& user_id,
549 const std::string& user_ip,
565 const std::string& source_id,
566 const std::string& user_id,
567 const std::string& user_ip,
568 const std::string& query_data,
569 const std::string& patient_id =
"",
585 const std::string& source_id,
586 const std::string& user_id,
587 const std::string& user_ip,
588 const std::string& dest_id,
589 const std::string& study_uid,
590 const std::string& patient_id =
"",
598 [[nodiscard]]
static std::string
xml_escape(
const std::string& str);
601 std::chrono::system_clock::time_point tp);
RFC 3881 XML audit message generator.
static atna_audit_message build_dicom_instances_transferred(const std::string &source_id, const std::string &source_ae, const std::string &source_ip, const std::string &dest_ae, const std::string &dest_ip, const std::string &study_uid, const std::string &patient_id="", bool is_import=true, atna_event_outcome outcome=atna_event_outcome::success)
Build DICOM Instances Transferred audit message (C-STORE, C-MOVE)
static std::string format_coded_value_attrs(const atna_coded_value &cv)
static std::string to_xml(const atna_audit_message &message)
Serialize an audit message to RFC 3881 XML.
static atna_audit_message build_study_deleted(const std::string &source_id, const std::string &user_id, const std::string &user_ip, const std::string &study_uid, const std::string &patient_id="", atna_event_outcome outcome=atna_event_outcome::success)
Build Study Deleted audit message.
static std::string xml_escape(const std::string &str)
static atna_audit_message build_application_activity(const std::string &source_id, const std::string &app_name, bool is_start, atna_event_outcome outcome=atna_event_outcome::success)
Build Application Activity audit message (start/stop)
static atna_audit_message build_export(const std::string &source_id, const std::string &user_id, const std::string &user_ip, const std::string &dest_id, const std::string &study_uid, const std::string &patient_id="", atna_event_outcome outcome=atna_event_outcome::success)
Build Export audit message (media/network export)
static std::string format_datetime(std::chrono::system_clock::time_point tp)
static atna_audit_message build_security_alert(const std::string &source_id, const std::string &user_id, const std::string &user_ip, const std::string &alert_description, atna_event_outcome outcome=atna_event_outcome::serious_failure)
Build Security Alert audit message.
static atna_audit_message build_user_authentication(const std::string &source_id, const std::string &user_id, const std::string &user_ip, bool is_login, atna_event_outcome outcome=atna_event_outcome::success)
Build User Authentication audit message (login/logout)
static atna_audit_message build_query(const std::string &source_id, const std::string &user_id, const std::string &user_ip, const std::string &query_data, const std::string &patient_id="", atna_event_outcome outcome=atna_event_outcome::success)
Build Query audit message (C-FIND, QIDO-RS)
static atna_audit_message build_dicom_instances_accessed(const std::string &source_id, const std::string &user_id, const std::string &user_ip, const std::string &study_uid, const std::string &patient_id="", atna_event_outcome outcome=atna_event_outcome::success)
Build DICOM Instances Accessed audit message (C-FIND, QIDO-RS)
const atna_coded_value dicom_instances_accessed
DICOM Instances Accessed (110103)
const atna_coded_value query
Query (110112)
const atna_coded_value begin_transferring
Begin Transferring DICOM Instances (110102)
const atna_coded_value user_authentication
User Authentication (110114)
const atna_coded_value data_import
Import (110107)
const atna_coded_value security_alert
Security Alert (110113)
const atna_coded_value network_entry
Network Entry (110108)
const atna_coded_value order_record
Order Record (110109)
const atna_coded_value procedure_record
Procedure Record (110111)
const atna_coded_value dicom_instances_transferred
DICOM Instances Transferred (110104)
const atna_coded_value audit_log_used
Audit Log Used (110101)
const atna_coded_value dicom_study_deleted
DICOM Study Deleted (110105)
const atna_coded_value data_export
Export (110106)
const atna_coded_value application_activity
Application Activity (110100) — Start/Stop.
const atna_coded_value login
Login.
const atna_coded_value application_start
Application Start.
const atna_coded_value application_stop
Application Stop.
const atna_coded_value logout
Logout.
const atna_coded_value sop_class_uid
SOP Class UID.
const atna_coded_value study_instance_uid
Study Instance UID.
const atna_coded_value node_id
Node ID.
const atna_coded_value patient_number
Patient Number (RFC 3881 defined)
const atna_coded_value application_launcher
Application Launcher (110151)
const atna_coded_value source_media
Source Media (110155)
const atna_coded_value application
Application (110150)
const atna_coded_value source
Source Role ID (110153)
const atna_coded_value destination
Destination Role ID (110152)
const atna_coded_value destination_media
Destination Media (110154)
atna_object_role
Role of the participant object in the event.
@ security_granularity_def
atna_object_type
Type of participant object.
atna_network_access_type
Type of network access point identifier.
atna_event_action
Action that triggered the audit event.
atna_event_outcome
Outcome of the audited event.
An active participant in the audit event.
std::string network_access_point_id
Network access point (hostname or IP)
std::string user_id
User or process identifier.
bool user_is_requestor
Whether this participant initiated the event.
std::vector< atna_coded_value > role_id_codes
Role(s) of this participant.
atna_network_access_type network_access_point_type
Type of network access point.
std::string alternative_user_id
Alternative user ID (e.g., process name)
std::string user_name
Human-readable user name.
Complete RFC 3881 audit message.
atna_event_action event_action
Action that triggered the event.
std::vector< atna_participant_object > participant_objects
Participant objects (patients/studies/queries)
std::vector< atna_coded_value > event_type_codes
Event type codes for sub-classification.
atna_event_outcome event_outcome
Outcome of the event.
atna_coded_value event_id
Event ID coded value (e.g., DCM 110114 = UserAuthentication)
atna_audit_source audit_source
Audit source identification.
std::vector< atna_active_participant > active_participants
Active participants (users/processes)
std::chrono::system_clock::time_point event_date_time
When the event occurred.
Identifies the audit source system.
std::string audit_source_id
Unique identifier for the audit source.
std::vector< uint8_t > audit_source_type_codes
Audit source type codes (optional)
std::string audit_enterprise_site_id
Enterprise site identifier (optional)
A coded value with code, code system name, and display name.
std::string code
Code value (e.g., "110114")
std::string code_system_name
Code system name (e.g., "DCM" for DICOM)
std::string display_name
Human-readable display name (e.g., "UserAuthentication")
Additional detail about a participant object.
std::string value
Detail value.
std::string type
Detail type.
An object (patient, study, query) involved in the event.
std::string object_id
Object identifier (e.g., Patient ID, Study UID)
std::vector< atna_object_detail > object_details
Additional details.
std::string object_query
Query data (base64 encoded, for query events)
atna_object_role object_role
Role of the object in the event.
atna_object_type object_type
Object type.
atna_coded_value object_id_type_code
Object ID type code.
std::string object_name
Human-readable object name.
1.12.0