External Systems Configuration Guide

Epic EMR/EHR System

Integration Points

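| Method | Information discovered | Metrics collected | LOGs collected | Used for |
|--------|------------------------|-------------------|----------------|----------|
| Syslog | Host name, Reporting IP | None | Authentication Query, Client login Query | Security monitoring |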

Event Types

In ADMIN > Device Support > Event Types, search for "Epic-SecuritySIEM" to see the event types associated with this device. There are two events that are parsed:

  • Epic-SecuritySIEM-AUTHENTICATION-Query
  • Epic-SecuritySIEM-LOGIN-Query

Rules

No specific rules are written for Epic-SecuritySIEM.

Reports

No specific reports are written for Epic-SecuritySIEM.

Configuration

Configure the Epic-SecuritySIEM system to send logs to FortiSIEM in the supported format (see Sample Events).

Settings for Access Credentials

None required.

Sample Events

Oct 19 05:32:16 10.25.8.111 CEF:0|Epic|Security-SIEM|8.3.0|LOGIN|LOGIN|4|cnt=1 suser=3227^DOE, JOHN L^JOHN-DOE shost=PRD workstationID=WS7946 act=Query end=Oct 19 00:30:00 flag=^^Workflow Logging CLIENTNAME=dom1/WS7946 DEP=100000010^RMC ICU MAIN IP=10.25.6.59/10.170.10.66 LOGINLDAPID=JOHN-DOE LOGINREASON= OSUSR=WS7946 ROLE=MODEL IP NURSE SOURCE=1-Hyperspace USERJOB=304401^RMC INPATIENT NURSE TEMPLATE#011

Oct 19 05:32:16 10.25.8.111 CEF:0|Epic|Security-SIEM|8.3.0|AUTHENTICATION|AUTHENTICATION|4|cnt=1 suser=3055^DOE, JOHN^JOHN-DOE shost=PRD workstationID=WS7610 act=Query end=Oct 19 00:30:00 flag=Access History^^Workflow Logging LOGINCONTEXT=0-Login LOGINDEVICE=10001-ImprivataAuthMultiApp LOGINLDAPID=JOHN-DOE LOGINREVAL= 011
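
As an added example (not FortiSIEM's own parser and not code from this guide), the following Python parses the two sample events above into fields, handling values that contain spaces, empty values such as LOGINREASON, and the trailing #011 (the octal escape that rsyslog-style receivers write for a tab character). The event-type naming rule and the meaning of the ^-separated suser parts are assumptions inferred from the samples.

```python
import re

# Constructed input: the page's two sample events, each joined onto one line.
SAMPLE_EVENTS = [
    "Oct 19 05:32:16 10.25.8.111 CEF:0|Epic|Security-SIEM|8.3.0|LOGIN|LOGIN|4|cnt=1 "
    "suser=3227^DOE, JOHN L^JOHN-DOE shost=PRD workstationID=WS7946 act=Query "
    "end=Oct 19 00:30:00 flag=^^Workflow Logging CLIENTNAME=dom1/WS7946 "
    "DEP=100000010^RMC ICU MAIN IP=10.25.6.59/10.170.10.66 LOGINLDAPID=JOHN-DOE "
    "LOGINREASON= OSUSR=WS7946 ROLE=MODEL IP NURSE SOURCE=1-Hyperspace "
    "USERJOB=304401^RMC INPATIENT NURSE TEMPLATE#011",
    "Oct 19 05:32:16 10.25.8.111 CEF:0|Epic|Security-SIEM|8.3.0|AUTHENTICATION|"
    "AUTHENTICATION|4|cnt=1 suser=3055^DOE, JOHN^JOHN-DOE shost=PRD "
    "workstationID=WS7610 act=Query end=Oct 19 00:30:00 "
    "flag=Access History^^Workflow Logging LOGINCONTEXT=0-Login "
    "LOGINDEVICE=10001-ImprivataAuthMultiApp LOGINLDAPID=JOHN-DOE LOGINREVAL= 011",
]

# Syslog prefix (timestamp, reporting IP), then the seven pipe-delimited CEF header fields.
LINE = re.compile(
    r"^(?P<received>\w{3} +\d+ [\d:]{8}) (?P<reporting_ip>\S+) CEF:(?P<cef>\d+)"
    r"\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|(?P<version>[^|]*)"
    r"\|(?P<signature>[^|]*)\|(?P<name>[^|]*)\|(?P<severity>[^|]*)\|(?P<ext>.*)$"
)
# A key starts the extension or follows whitespace; values may hold spaces or be empty.
KEY = re.compile(r"(?:^|\s)(\w+)=")


def parse_extension(ext):
    ext = re.sub(r"(?:#011)+$", "", ext.strip())  # drop the escaped trailing tab
    keys = list(KEY.finditer(ext))
    bounds = [k.start() for k in keys[1:]] + [len(ext)]  # each value ends at the next key
    return {k.group(1): ext[k.end():end].strip() for k, end in zip(keys, bounds)}


def parse_event(line):
    m = LINE.match(line)
    if m is None:
        raise ValueError("not an Epic Security-SIEM CEF line")
    event = m.groupdict()
    event.update(parse_extension(event.pop("ext")))
    # Assumption: event type = prefix + CEF signature + act, matching the two listed names.
    event["event_type"] = f"Epic-SecuritySIEM-{event['signature']}-{event.get('act', '')}"
    # Assumption: the ^-separated suser parts are user ID, display name, login ID.
    event["suser_parts"] = event.get("suser", "").split("^")
    return event

if __name__ == "__main__":
    for e in map(parse_event, SAMPLE_EVENTS):
        print(e["event_type"], e["reporting_ip"], e["suser_parts"], e["workstationID"])
```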
