UNPKG

@interoperability/atna-audit-messages

Version:

The ATNA Audit Messages Generator is a JavaScript library that provides a set of reusable static methods for generating Audit Trail and Node Authentication (ATNA) compliant audit messages. This library is particularly useful in healthcare systems and othe

116 lines (112 loc) 8.92 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.ATNAMessage = void 0; var _ActiveParticipant = require("./ActiveParticipant"); var _AuditMessage = require("./AuditMessage.js"); var _AuditSourceIdentification = require("./AuditSourceIdentification.js"); var _Code = require("./Code"); var _EventIdentification = require("./EventIdentification"); var _ParticipantObjectIdentification = require("./ParticipantObjectIdentification.js"); var _constants = require("../constants.js"); /** * ATNA class provides static methods for generating ATNA-compliant audit messages. */ class ATNAMessage { /** * Generates a user login audit message. * @param {string} outcome - The outcome of the login attempt. * @param {string} sysname - The system name. * @param {string} hostname - The hostname of the system. * @param {string} username - The username of the logged-in user. * @param {string} userRole - The role of the user. * @param {string} userRoleCode - The role code of the user. * @returns {XMLElement} - The XML representation of the user login audit message. */ static userLoginAudit(outcome, sysname, hostname, username, userRole, userRoleCode) { let eventID = new _Code.Code(110114, 'DCM').setOriginalText('UserAuthenticated'); let typeCode = new _Code.Code(110122, 'DCM').setOriginalText('Login'); let eIdent = new _EventIdentification.EventIdentification(_constants.EventOutcomeIndicator.OUTCOME_SUCCESS, new Date(), outcome).setEventID(eventID).setTypeCode(typeCode); let sysRoleCode = new _Code.Code(110150, 'DCM').setOriginalText('Application'); let sysParticipant = new _ActiveParticipant.ActiveParticipant(sysname, '', false).setNetworkAccessPointID(hostname).setNetworkAccessPointTypeCode(_constants.NetworkAccessPointType.NET_AP_TYPE_DNS).setRoleIDCodes([sysRoleCode]); let userRoleCodeDef = new _Code.Code(userRole, userRoleCode).setOriginalText(userRole); let userParticipant = new _ActiveParticipant.ActiveParticipant(username, '', true).setRoleIDCodes([userRoleCodeDef]); let sourceTypeCode = new _Code.Code(_constants.AuditSourceTypeCode.AUDIT_SRC_TYPE_UI, ''); let sourceIdent = new _AuditSourceIdentification.AuditSourceIdentification(null, sysname, sourceTypeCode); let audit = new _AuditMessage.AuditMessage(eIdent).setActiveParticipant([sysParticipant, userParticipant]).setAuditSourceIdentification(sourceIdent); return audit.toXML(); } /** * Generates an application activity audit message. * @param {boolean} isStart - Indicates whether the application is starting or stopping. * @param {string} sysname - The system name. * @param {string} hostname - The hostname of the system. * @param {string} username - The username of the user associated with the activity. * @returns {XMLElement} - The XML representation of the application activity audit message. */ static appActivityAudit(isStart, sysname, hostname, username = 'root') { let eventID = new _Code.Code(110100, 'DCM').setOriginalText('Application Activity'); let typeCode = isStart ? new _Code.Code(110120, 'DCM').setOriginalText('Application Start') : new _Code.Code(110121, 'DCM').setOriginalText('Application Stop'); let eIdent = new _EventIdentification.EventIdentification(_constants.EventActionType.EVENT_ACTION_EXECUTE, new Date(), _constants.EventOutcomeIndicator.OUTCOME_SUCCESS).setEventID(eventID).setTypeCode(typeCode); let sysRoleCode = new _Code.Code(110150, 'DCM').setOriginalText('Application'); let sysParticipant = new _ActiveParticipant.ActiveParticipant(sysname, '', false).setNetworkAccessPointID(hostname).setNetworkAccessPointTypeCode(_constants.NetworkAccessPointType.NET_AP_TYPE_DNS).setRoleIDCodes([sysRoleCode]); let userRoleCodeDef = new _Code.Code(110151, 'DCM').setOriginalText('Application Launcher'); let userParticipant = new _ActiveParticipant.ActiveParticipant(username, '', true).setRoleIDCodes([userRoleCodeDef]); let sourceTypeCode = new _Code.Code(_constants.AuditSourceTypeCode.AUDIT_SRC_TYPE_WEB_SERVER, ''); let sourceIdent = new _AuditSourceIdentification.AuditSourceIdentification(null, sysname, sourceTypeCode); let audit = new _AuditMessage.AuditMessage(eIdent).setActiveParticipant([sysParticipant, userParticipant]).setAuditSourceIdentification(sourceIdent); return audit.toXML(); } /** * Generates an audit log used audit message. * @param {string} outcome - The outcome of the audit log access. * @param {string} sysname - The system name. * @param {string} hostname - The hostname of the system. * @param {string} username - The username of the user accessing the audit log. * @param {string} userRole - The role of the user. * @param {string} userRoleCode - The role code of the user. * @param {string} auditLogURI - The URI of the accessed audit log. * @param {ValuePair} objDetails - Additional details about the accessed object. * @returns {XMLElement} - The XML representation of the audit log used audit message. */ static auditLogUsedAudit(outcome, sysname, hostname, username, userRole, userRoleCode, auditLogURI, objDetails = null) { let eventID = new _Code.Code(110101, 'DCM').setOriginalText('Audit Log Used'); let eIdent = new _EventIdentification.EventIdentification(_constants.EventActionType.EVENT_ACTION_READ, new Date(), outcome).setEventID(eventID); let sysRoleCode = new _Code.Code(110150, 'DCM').setOriginalText('Application'); let sysParticipant = new _ActiveParticipant.ActiveParticipant(sysname, '', false).setNetworkAccessPointID(hostname).setNetworkAccessPointTypeCode(_constants.NetworkAccessPointType.NET_AP_TYPE_DNS, [sysRoleCode]); let userRoleCodeDef = new _Code.Code(userRole, userRoleCode).setOriginalText(userRole); let userParticipant = new _ActiveParticipant.ActiveParticipant(username, '', true).setRoleIDCodes([userRoleCodeDef]); let sourceTypeCode = new _Code.Code(_constants.AuditSourceTypeCode.AUDIT_SRC_TYPE_UI, ''); let sourceIdent = new _AuditSourceIdentification.AuditSourceIdentification(null, sysname, sourceTypeCode); let objIdTypeCode = new _Code.Code(_constants.ParticipantObjectIDTypeCode.OBJ_ID_TYPE_URI, 'URI'); let participantObj = new _ParticipantObjectIdentification.ParticipantObjectIdentification(auditLogURI).setParticipantObjectTypeCode(_constants.ParticipantObjectTypeCode.OBJ_TYPE_SYS_OBJ).setParticipantObjectTypeCodeRole(_constants.ParticipantObjectTypeCodeRole.OBJ_TYPE_CODE_ROLE_SECURITY_RESOURCE).setParticipantObjectIDTypeCode(objIdTypeCode).setParticipantObjectName('Security Audit Log'); if (objDetails) { participantObj.setParticipantObjectDetail(objDetails); } let audit = new _AuditMessage.AuditMessage(eIdent).setActiveParticipant([sysParticipant, userParticipant]).setParticipantObjectIdentification([participantObj]).setAuditSourceIdentification(sourceIdent); return audit.toXML(); } /** * Generates a node authentication audit message. * @param {string} nodeIP - The IP address of the authenticated node. * @param {string} sysname - The system name. * @param {string} hostname - The hostname of the system. * @param {string} outcome - The outcome of the node authentication. * @returns {XMLElement} - The XML representation of the node authentication audit message. */ static nodeAuthentication(nodeIP, sysname, hostname, outcome) { let eventID = new _Code.Code(110113, 'DCM').setOriginalText('Security Alert'); let typeCode = new _Code.Code(110126, 'DCM').setOriginalText('Node Authentication'); let eIdent = new _EventIdentification.EventIdentification(_constants.EventActionType.EVENT_ACTION_EXECUTE, new Date(), outcome).setEventID(eventID).setTypeCode(typeCode); let sysRoleCode = new _Code.Code(110150, 'DCM').setOriginalText('Application'); let sysParticipant = new _ActiveParticipant.ActiveParticipant(sysname, '', false).setNetworkAccessPointID(hostname).setNetworkAccessPointTypeCode(_constants.NetworkAccessPointType.NET_AP_TYPE_DNS).setRoleIDCodes([sysRoleCode]); let objIdTypeCode = new _Code.Code(110182, 'DCM').setOriginalText('Node ID'); let nodeParticipant = new _ParticipantObjectIdentification.ParticipantObjectIdentification(nodeIP).setParticipantObjectTypeCode(2).setParticipantObjectIDTypeCode(objIdTypeCode).setParticipantObjectName(nodeIP); let sourceTypeCode = new _Code.Code(_constants.AuditSourceTypeCode.AUDIT_SRC_TYPE_WEB_SERVER, ''); let sourceIdent = new _AuditSourceIdentification.AuditSourceIdentification(null, sysname, sourceTypeCode); let audit = new _AuditMessage.AuditMessage(eIdent).setActiveParticipant([sysParticipant]).setParticipantObjectIdentification([nodeParticipant]).setAuditSourceIdentification(sourceIdent); return audit.toXML(); } } exports.ATNAMessage = ATNAMessage;