Skip to main content

AuditEvent

A record of an event made for purposes of maintaining a security log. Typical uses include detection of intrusion attempts and monitoring for inappropriate usage.

Structure

Search Parameters

_haste-health-author (reference)
The author of the resource
Resource.meta.extension.where(url='https://haste.health/author').value
_type (token)
Derived from the R4B Definition
$this.type().name
_text (string)
Search on the narrative of the resource
_content (string)
Search on the entire content of the resource
_id (token)
Logical id of this artifact
Resource.id
_lastUpdated (date)
When the resource version last changed
Resource.meta.lastUpdated
_profile (uri)
Profiles this resource claims to conform to
Resource.meta.profile
_query (token)
A custom search profile that describes a specific defined query operation
_security (token)
Security Labels applied to this resource
Resource.meta.security
_source (uri)
Identifies where the resource comes from
Resource.meta.source
_tag (token)
Tags applied to this resource
Resource.meta.tag
action (token)
Type of action performed during the event
AuditEvent.action
address (string)
Identifier for the network access point of the user device
AuditEvent.agent.network.address
agent (reference)
Identifier of who
AuditEvent.agent.who
agent-name (string)
Human friendly name for the agent
AuditEvent.agent.name
agent-role (token)
Agent role in the event
AuditEvent.agent.role
altid (token)
Alternative User identity
AuditEvent.agent.altId
date (date)
Time when the event was recorded
AuditEvent.recorded
entity (reference)
Specific instance of resource
AuditEvent.entity.what
entity-name (string)
Descriptor for entity
AuditEvent.entity.name
entity-role (token)
What role the entity played
AuditEvent.entity.role
entity-type (token)
Type of entity involved
AuditEvent.entity.type
outcome (token)
Whether the event succeeded or failed
AuditEvent.outcome
patient (reference)
Identifier of who
AuditEvent.agent.who.where(resolve() is Patient) / AuditEvent.entity.what.where(resolve() is Patient)
policy (uri)
Policy that authorized event
AuditEvent.agent.policy
site (token)
Logical source location within the enterprise
AuditEvent.source.site
source (reference)
The identity of source detecting the event
AuditEvent.source.observer
subtype (token)
More specific type/id for the event
AuditEvent.subtype
type (token)
Type/identifier of event
AuditEvent.type