AUE_mount

Documentación de implementación sin conexión de Jamf Protect

Solution

Application

Content Type

Documentación técnica

Utilities & Services

ft:locale

es-ES

Mount Drive (Montar unidad): El registro de montaje de unidad se genera cuando un proceso hace una llamada para montar una unidad física o virtual. Puede incluir sistemas de archivos en red, unidades externas y otros tipos de sistemas de archivos.
Log Level (Nivel de registro): 1
Requiere ajuste detallado.: No

Ejemplo de AUE_mount

Este es un ejemplo de registro de telemetría para un evento de montar unidad.

{
  "arguments": {
    "flags": 136315929
  },
  "attributes": {
    "device": 0,
    "owner_group_name": "wheel",
    "owner_user_id": 501,
    "owner_user_name": "test",
    "file_system_id": 16777224,
    "file_access_mode": 16457,
    "node_id": 1203817,
    "owner_group_id": 0
  },
  "exec_chain": {
    "uuid": "CA95BCEC-3E74-40F5-B822-78F58BFD0181"
  },
  "exec_chain_child": {
    "parent_path": "/sbin/mount",
    "parent_pid": 1852,
    "parent_uuid": "89C1FD71-B91D-411C-AD30-0AB60D64B951"
  },
  "header": {
    "time_seconds_epoch": 1657906405,
    "time_milliseconds_offset": 546,
    "version": 11,
    "event_modifier": 0,
    "event_id": 62,
    "event_name": "AUE_MOUNT"
  },
  "host_info": {
    "serial_number": "C03WG0H4HDTS",
    "host_name": "Test_MacBook_Pro",
    "osversion": "Version 12.4 (Build 21F79)",
    "host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115"
  },
  "identity": {
    "signer_id": "com.apple.mount_hfs",
    "team_id_truncated": false,
    "signer_id_truncated": false,
    "cd_hash": "c4d5432721b0a0eb1b16a67c1bab40440b8a7b76",
    "team_id": "",
    "signer_type": 1
  },
  "key": "F36BF77C-0ECB-4A78-A3D4-9D662ABE123F",
  "path": [
    "/Volumes/Google Chrome",
    "/Volumes/Google Chrome"
  ],
  "return": {
    "error": 0,
    "description": "success",
    "return_value": 0
  },
  "subject": {
    "session_id": 100000,
    "group_id": 20,
    "process_name": "/System/Library/Filesystems/hfs.fs/Contents/Resources/mount_hfs",
    "parent_pid": 1852,
    "effective_user_name": "jamf",
    "user_id": 501,
    "group_name": "staff",
    "parent_uuid": "89C1FD71-B91D-411C-AD30-0AB60D64B951",
    "uuid": "CA95BCEC-3E74-40F5-B822-78F58BFD0181",
    "effective_group_id": 20,
    "process_hash": "5093a3e15b4f7267d0c12d0286d884aef2b75f53",
    "audit_id": 4294967295,
    "responsible_process_id": 104,
    "parent_path": "/sbin/mount",
    "process_id": 1853,
    "effective_group_name": "staff",
    "audit_user_name": "",
    "effective_user_id": 501,
    "terminal_id": {
      "type": 4,
      "ip_address": "0.0.0.0",
      "port": 0
    },
    "responsible_process_name": "/usr/libexec/diskarbitrationd",
    "user_name": "jamf"
  },
  "texts": [
    "hfs"
  ]
}