Integration Definition of SDF Log Enhancement Items
Version Control
| version | Author | Date | Change log |
|---|---|---|---|
| 1.0 | Onamgyu | 2025-07-08 | First Draft |
| 1.1 | Onamgyu | 2025-07-16 | Correction |
1. Integrated Tracking Goals and Background
- User Identification for Encryption/Decryption Request (ID / Name / Department)
- Document Identification Information (Name / Size / ID / Lineage)
- Encryption/Decryption Request System and System Name (System Name in Logs / UI Name)
- Security Level Flow Tracking (C/S/O Level Based on DRM Hidden Information)
- Request Event Classification and Timing Information (ENCRYPT, DECRYPT, as well as UPLOAD, DOWNLOAD, etc.)
- Network Identification Information (IP Address)
- Document Recipient Tracking (optional)
2. Organizing Integrated Log Entries
| item | Description | Collection Status | Example / Note |
|---|---|---|---|
| user.id / user.name / user.depart | User Information | ⭕ | "user": {"id": "kimjh", "name": "김지현", "depart": "보안팀"} |
| file.name / file.size / file.ext | File Name / Size / Extension | ⭕ | "file": {"name": "계약서.pdf", "size": 204800, "ext": "pdf"} |
| file.id / file.fid | Document Unique ID and Lineage ID | ⭕ | "file": {"id": "a123", "fid": "root123"} |
| source.name | Calling System Name | ⭕ | "source": {"name": "SHIELD-WEB"} |
| systemRegisteredName | Administrator UI Standard System Name | ❌ | Example: "systemRegisteredName": "SHIELDrive-WEB" (needs to be added) |
| file.typePrevDetail | Security Policy Before Encryption (DS) | ⭕ | "typePrevDetail": {"encType": "GRADE"} |
| file.typeDetail | Security Policy After Encryption (DS) | ⭕ | "typeDetail": {"encType": "GRADE"} |
| documentHeader.classification | Security Level Inserted in Plain Text Document Header (C/S/O) | ❌ | Example: "classification": "C" (parsing of hidden information required) |
| event | Event Classification (ENCRYPT, DECRYPT, etc.) | ⭕ | "event": "ENCRYPT" |
| ip | Requesting System IP | ⭕ | "ip": "192.168.10.15" |
| time | Event Occurrence Time | ⭕ | "time": 1723106400000 |
3. Detailed Supplementary Reasons for Uncollected Items
| item | Reason for Necessity |
|---|---|
| systemRegisteredName | source.name alone is not sufficient to distinguish systems. It must be mapped to a name that can be identified on the admin screen. |
| documentHeader.classification | Essential for tracking security policies (C/S/O). This is the value inserted as hidden information in the plaintext document after decrypting the DRM document, and it needs to be recorded in the logs. |
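
The following sketch, an added example rather than part of the SDF specification or product code, audits one log record against the tables in sections 2 and 3: it fills systemRegisteredName from source.name and reports which collected and uncollected items are still absent. The mapping table, the function names, the nesting of typePrevDetail/typeDetail under "file", and the top-level placement of documentHeader are assumptions.

```python
# Dotted paths that section 2 marks as collected.
COLLECTED = ["user.id", "user.name", "user.depart", "file.name", "file.size",
             "file.ext", "file.id", "file.fid", "source.name",
             "file.typePrevDetail", "file.typeDetail", "event", "ip", "time"]
# Items that section 3 lists as not yet collected.
PENDING = ["systemRegisteredName", "documentHeader.classification"]
LEVELS = ("C", "S", "O")
# Hypothetical mapping from source.name to the admin UI system name.
SYSTEM_NAME_MAP = {"SHIELD-WEB": "SHIELDrive-WEB"}

def lookup(record, path):
    """Return the value at a dotted path, or None if any segment is absent."""
    node = record
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def audit(record):
    """Fill systemRegisteredName from the map and report remaining gaps."""
    enriched = dict(record)  # shallow copy; the input record is not modified
    source = lookup(record, "source.name")
    if "systemRegisteredName" not in enriched and source in SYSTEM_NAME_MAP:
        enriched["systemRegisteredName"] = SYSTEM_NAME_MAP[source]
    missing = [p for p in COLLECTED if lookup(enriched, p) is None]
    pending = [p for p in PENDING if lookup(enriched, p) is None]
    level = lookup(enriched, "documentHeader.classification")
    if level is not None and level not in LEVELS:
        # A value outside C/S/O cannot be used for level-flow tracking.
        pending.append("documentHeader.classification")
    return enriched, missing, pending

# Constructed sample record built from the example values in section 2.
SAMPLE = {
    "user": {"id": "kimjh", "name": "김지현", "depart": "보안팀"},
    "file": {"name": "계약서.pdf", "size": 204800, "ext": "pdf",
             "id": "a123", "fid": "root123",
             "typePrevDetail": {"encType": "GRADE"},
             "typeDetail": {"encType": "GRADE"}},
    "source": {"name": "SHIELD-WEB"},
    "event": "ENCRYPT", "ip": "192.168.10.15", "time": 1723106400000,
}

if __name__ == "__main__":
    print(audit(SAMPLE)[1:])
```

A source.name with no entry in the mapping leaves systemRegisteredName in the pending list, which marks the record as one the admin screen cannot attribute to a registered system.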