- Log Level (Nivel de registro)
- 1
- Requiere ajuste detallado.
- No
Ejemplo de AUE_PTRACE
Este es un ejemplo de registro de telemetría para un evento de ptrace.
{
"_event_score": 0,
"arguments": {
"addr": 0,
"data": 0,
"process": 8125,
"request": 31
},
"exec_chain_child": {
"parent_path": "/sbin/launchd",
"parent_pid": 1,
"parent_uuid": "84492D4D-24C3-472E-8C19-6417C51FA1D2"
},
"header": {
"event_id": 43002,
"event_modifier": 0,
"event_name": "AUE_PTRACE",
"time_milliseconds_offset": 270,
"time_seconds_epoch": 1571152560,
"version": 11
},
"host_info": {
"host_name": "Test_MacBook_Pro",
"host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115",
"osversion": "Version 12.4 (Build 21F79)",
"primary_mac_address": "38:f9:e8:82:2b:11",
"serial_number": "C03WG0H4HDTS"
},
"identity": {
"cd_hash": "77e8b86b6a842fa7f0e86a289c48381784853517",
"signer_id": "com.apple.authorizationhost",
"signer_id_truncated": 0,
"signer_type": 1,
"team_id": "",
"team_id_truncated": 0
},
"return": {
"description": "success",
"error": 0,
"return_value": 0
},
"subject": {
"audit_id": 4294967295,
"audit_user_name": "-1",
"effective_group_id": 0,
"effective_group_name": "wheel",
"effective_user_id": 0,
"effective_user_name": "root",
"group_id": 0,
"group_name": "wheel",
"process_hash": "6F6FE565B11FC5FF43CD29F64183CCF2EC4E497D",
"process_id": 8125,
"process_name": "/System/Library/Frameworks/Security.framework/Versions/A/MachServices/authorizationhost.bundle/Contents/MacOS/authorizationhost",
"session_id": 100000,
"terminal_id": {
"addr": [
0
],
"ip_address": "0.0.0.0",
"port": 0,
"type": 0
},
"user_id": 0,
"user_name": "root"
}
}