- User Authentication Prompt (Mensaje de autenticación de usuario)
- El registro del mensaje de autenticación de usuario se genera cuando un proceso solicita los derechos administrativos de un usuario.
- Log Level (Nivel de registro)
- 1
- Requiere ajuste detallado.
- No
Ejemplo de AUE_auth_user
Este es un ejemplo de registro de telemetría para un evento de mensaje de autenticación de usuario.
{
"exec_chain": {
"uuid": "4AD27D08-22C6-46C5-9E1B-27E9CCD4772C"
},
"exec_chain_child": {
"parent_path": "/bin/zsh",
"parent_pid": 1778,
"parent_uuid": "17E1AC5C-544B-4915-96D0-FF17F75D61A6"
},
"header": {
"time_seconds_epoch": 1657906950,
"time_milliseconds_offset": 497,
"version": 11,
"event_modifier": 0,
"event_id": 45023,
"event_name": "AUE_auth_user"
},
"host_info": {
"serial_number": "C03WG0H4HDTS",
"host_name": "Test_MacBook_Pro",
"osversion": "Version 12.4 (Build 21F79)",
"host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115"
},
"identity": {
"signer_id": "com.apple.opendirectoryd",
"team_id_truncated": false,
"signer_id_truncated": false,
"cd_hash": "68d22bdec020f20010bfa9d27cd5f69d78427636",
"team_id": "",
"signer_type": 1
},
"key": "E0C3B32B-CFA5-44C7-916D-ABD5F10388DE",
"return": {
"error": 0,
"description": "success",
"return_value": 0
},
"subject": {
"session_id": 1770,
"group_id": 20,
"process_name": "/usr/bin/sudo",
"parent_pid": 1778,
"effective_user_name": "root",
"user_id": 0,
"group_name": "staff",
"parent_uuid": "17E1AC5C-544B-4915-96D0-FF17F75D61A6",
"uuid": "4AD27D08-22C6-46C5-9E1B-27E9CCD4772C",
"effective_group_id": 20,
"process_hash": "c0b8d427c8381e91d88daaf426556fbd54e8c017",
"audit_id": 501,
"responsible_process_id": 1770,
"parent_path": "/bin/zsh",
"process_id": 1900,
"effective_group_name": "staff",
"audit_user_name": "jamf",
"effective_user_id": 0,
"terminal_id": {
"type": 4,
"ip_address": "0.0.0.0",
"port": 4817
},
"responsible_process_name": "/usr/sbin/sshd",
"user_name": "root"
},
"texts": [
"Verify password for record type Users 'jamf' node '/Local/Default'"
]
}