Security Logs Generated in Oracle Health Insurance

This section describes the security log events generated by Oracle Health Insurance (OHI). These logs help you monitor system activity, track user actions, and detect security-related events.

Overview

OHI generates security logs for the following categories:

  • Access control

  • Authentication and authorization

  • Credential management

  • Data file access and security

  • Intrusion detection

  • Key management

  • Property management

  • Secure data access

  • User provisioning

Security Log Events

The following attributes describe each security log event:

  • eventCategory: The category of the security event. All security events are grouped into distinct categories.

  • eventType: Provides a brief description of the security event being logged.

  • eventOutcome: Indicates the outcome of the event. Possible values are SUCCESS or FAILURE.

  • eventSeverity: Indicates the severity level of the event. Possible values are INFO, WARN, or ERROR.

  • httpStatusCode: Specifies the HTTP response status code associated with the request. This attribute can be null if the status code is not available at the time the event is logged.

  • failureReason: Provides the reason for a failure. This attribute is non-null only where relevant.

  • apiEndpoint: Specifies the API endpoint that received the request.

Table 1. Security Log Events
| Category | Type | Event | Description | Example | Severity | Outcome | HTTP Status | Failure Reason | API Endpoint |
|---|---|---|---|---|---|---|---|---|---|
| Access control | Access restriction created | Access restriction {accessRestrictionCode} created | Records when an access restriction is created. | Access restriction LOB_ACRE created | INFO | SUCCESS | 201 | NA | api/generic/accessrestrictions |
| Access control | Access restriction removed | Access restriction {accessRestrictionCode} removed | Records when an access restriction is removed. | Access restriction LOB_ACRE removed | INFO | SUCCESS | 204 | NA | api/generic/accessrestrictions |
| Access control | Access restriction updated | Access restriction {accessRestrictionCode} updated | Records when an access restriction is updated. | Access restriction LOB_ACRE updated | INFO | SUCCESS | 200 | NA | api/generic/accessrestrictions |
| Authentication | Login failed | Login failed | Records a failed login attempt when the user is not found or inactive. | Login failed | ERROR | FAILURE | 401 | User not found or inactive | Any API/IP |
| Authentication | Login success | Logged-in successfully | Records a successful login. Logged periodically based on the system configuration property ohi.ws.last.login.update.threshold (default every 60 mins). | Logged-in successfully | INFO | SUCCESS | NA | NA | Any API/IP |
| Authorization | Insufficient permissions | User {username} has insufficient access permissions | Records when a user tries to access a resource without required permissions. | User (testuser) has insufficient access permissions | WARN | FAILURE | 403 | Authentication or authorization error | Any API/IP |
| Credential management | Credential reset | Credential {credentialKey} is (re)set | Records when a client credential is reset or set. | Credential ORMB_CRED is (re)set | INFO | SUCCESS | 201 | NA | api/credentials |
| Credential management | Credential removed | Credential {credentialKey} is removed | Records when a client credential is deleted in the user access resource. | Credential ORMB_CRED is removed | INFO | SUCCESS | 204 | NA | api/credentials |
| Credential management | Client secret reset | Credential (re)set for OAuth client configuration {clientConfigId} | Records when an OAuth client secret is reset. | Credential (re)set for OAuth client configuration OC-100 | INFO | SUCCESS | NA | NA | api/oauthclientconfigurations |
| Data file access | Data file downloaded | Downloaded data file {dataFileCode} of data file set {dataFileSetCode} | Records when a data file is downloaded from a data file set. | Downloaded data file DF-42 of data file set DFS-9001 | INFO | SUCCESS | 200 | NA | api/datafilesets |
| Data file security | Malware detected | Data file set {dataFileSetCode} uploaded with malware contents | Records malware detected in an uploaded data file set. | Data file set DFS-9001 uploaded with malware contents | ERROR | FAILURE | NA | Malware detected in data file set | NA |
| Data file security | Malware detected | Data file {dataFileCode} for data file set {dataFileSetCode} uploaded with malware contents | Records malware detected in a specific data file within a data file set. | Data file DF-42 for data file set DFS-9001 uploaded with malware contents | ERROR | FAILURE | NA | Malware detected in data file | NA |
| Intrusion detection | Intrusion detected | {exceptionMessage} | Records the exception message when a request is rejected due to unsafe or malicious input. | INTRUSION - Multiple (3x) and mixed encoding (3x) detected | ERROR | FAILURE | 400 | Intrusion detected | Any API/IP |
| Key management | Keystore created | Keystore {keyStoreName} created | Records when a keystore is created. | Keystore KS-1 created | INFO | SUCCESS | 204 | NA | api/keystores |
| Key management | Keystore removed | Keystore {keyStoreName} removed | Records when a keystore is removed. | Keystore KS-1 removed | INFO | SUCCESS | 204 | NA | api/keystores |
| Key management | Key added | A key added to the keystore {keyStoreName} | Records when a key pair is added to a keystore. | A key added to the keystore KS-1 | INFO | SUCCESS | 204 | NA | api/keystores |
| Key management | Key removed | A key removed from the keystore {keyStoreName} | Records when a key pair is removed from a keystore. | A key removed from the keystore KS-1 | INFO | SUCCESS | 204 | NA | api/keystores |
| Property management | Property created | Property {0} created with value {1} | Records when an OHI property is created in the application. | OHI Property ohi.connector.event.aggregation.activated created with value true | INFO | SUCCESS | 201 | NA | api/generic/properties |
| Property management | Property updated | Property {0} updated with value {1} | Records when an existing OHI property is updated in the application. | OHI Property ohi.connector.event.aggregation.activated updated with value false | INFO | SUCCESS | 200 | NA | api/generic/properties |
| Property management | Property deleted | Property {0} deleted | Records when an existing OHI property is deleted in the application. | OHI Property ohi.connector.event.aggregation.activated is deleted | INFO | SUCCESS | 204 | NA | api/generic/properties |
| Secure data access | Database view accessed | Data accessed from view {viewCode} | Records access to PHI or secure data from a specific database view. | Data accessed from view REL_RELATIONS_BV | INFO | SUCCESS | NA | NA | api/datatransfer or api/operationalreporting |
| Secure data access | Resource extracted | Resource {collectionName} extracted | Records extraction of a resource containing PHI data using extract IP. | Resource relations extracted | INFO | SUCCESS | NA | NA | NA (batch process) |
| User provisioning | User created | User {userLoginName} is created | Records when a user is created during provisioning. | User (testuser) is created | INFO | SUCCESS | 201 | NA | api/users |
| User provisioning | User updated | User {userLoginName} is updated during provisioning | Records when a user is updated. | User (testuser) is updated. | INFO | SUCCESS | 200 | NA | api/users |
| User provisioning | User deleted | User {userLoginName} is deleted | Records when a user is deleted during provisioning. | User (testuser) is deleted | INFO | SUCCESS | 204 | NA | api/users |
| User provisioning | Roles revoked | Roles: {roleCodes} are revoked from user {userLoginName} | Records when roles are removed from a user during provisioning. | Roles ALL_FUNCTIONS_ACCESS_ROLE and ALL_IP_ACCESS_ROLE are revoked from user (testuser). | INFO | SUCCESS | 200 | NA | api/users |
| User provisioning | Roles added | New roles: {roleCodes} added for user {userLoginName} | Records when roles are assigned to a user during provisioning. | New roles ALL_FUNCTIONS_ACCESS_ROLE and ALL_IP_ACCESS_ROLE are added to user (testuser) | INFO | SUCCESS | 200 | NA | api/users |
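
A triage pass over these events, as an added example that is not part of the Oracle documentation. It assumes the events are available as one JSON object per line keyed by the attribute names listed above (the page does not state the serialization) and that category and type strings appear as in Table 1; the function names, the threshold and the sample records are constructed for illustration.

```python
import json
from collections import Counter

# Table 1 categories whose events are INFO/SUCCESS yet change the security
# posture; filtering on eventSeverity alone would hide them.
CHANGE_CATEGORIES = {"Access control", "Credential management", "Key management",
                     "Property management", "User provisioning"}
# Categories whose FAILURE events mean input or an upload was rejected.
HOSTILE_CATEGORIES = {"Intrusion detection", "Data file security"}

def triage(lines, fail_threshold=3):
    """Return (findings, skipped); findings are (level, eventType, detail) tuples."""
    findings, skipped, fails = [], 0, Counter()
    for line in lines:
        try:
            ev = json.loads(line)
            cat, typ, outcome = ev["eventCategory"], ev["eventType"], ev["eventOutcome"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # malformed record: count it instead of dropping it silently
            continue
        status = ev.get("httpStatusCode")  # null when not known at log time
        endpoint = ev.get("apiEndpoint") or "NA"
        if outcome == "FAILURE" and cat in HOSTILE_CATEGORIES:
            http = "n/a" if status is None else status
            findings.append(("ALERT", typ, f"{ev.get('failureReason') or 'NA'} (HTTP {http})"))
        elif outcome == "FAILURE" and cat in ("Authentication", "Authorization"):
            fails[(typ, endpoint)] += 1  # aggregate; a single 401/403 is noise
        elif outcome == "SUCCESS" and cat in CHANGE_CATEGORIES:
            findings.append(("REVIEW", typ, endpoint))
    for (typ, endpoint), n in sorted(fails.items()):
        if n >= fail_threshold:
            findings.append(("ALERT", typ, f"{n} failures on {endpoint}"))
    return findings, skipped

# Constructed sample input (assumed JSON-lines layout), not real OHI output.
def _rec(cat, typ, outcome, sev, status, reason, endpoint):
    return json.dumps(dict(eventCategory=cat, eventType=typ, eventOutcome=outcome,
                           eventSeverity=sev, httpStatusCode=status,
                           failureReason=reason, apiEndpoint=endpoint))

SAMPLE_LOG = [_rec("Authentication", "Login failed", "FAILURE", "ERROR", 401,
                   "User not found or inactive", "api/datafilesets")] * 3 + [
    _rec("Credential management", "Credential reset", "SUCCESS", "INFO", 201, None, "api/credentials"),
    _rec("Data file security", "Malware detected", "FAILURE", "ERROR", None,
         "Malware detected in data file set", None),
    _rec("Data file access", "Data file downloaded", "SUCCESS", "INFO", 200, None, "api/datafilesets"),
    "not-json",
    _rec("User provisioning", "Roles added", "SUCCESS", "INFO", 200, None, "api/users"),
]
```

Because a successful login is logged only periodically (per ohi.ws.last.login.update.threshold), the absence of a "Login success" event between two records does not show that no login took place, so the example does not correlate on it.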