AUE_SESSION_UPDATE

Session Update (Actualización de sesión)

Este evento se genera cuando una sesión vuelve de un estado inactivo sin finalizarla.

Log Level (Nivel de registro)

1

Requiere ajuste detallado.

No

Ejemplo de AUE_SESSION_UPDATE

Este es un ejemplo de registro de telemetría para un evento de actualización de sesión.

{
  "arguments": {
    "sflags": 8240,
    "am_success": 12288,
    "am_failure": 12288
  },
  "exec_chain": {
    "uuid": "79997063-82EE-49EA-A394-9CE6D66C2771"
  },
  "exec_chain_child": {
    "parent_path": "",
    "parent_pid": -1,
    "parent_uuid": ""
  },
  "header": {
    "time_seconds_epoch": 1657906645,
    "time_milliseconds_offset": 744,
    "version": 11,
    "event_modifier": 0,
    "event_id": 44902,
    "event_name": "AUE_SESSION_UPDATE"
  },
  "host_info": {
    "serial_number": "C03WG0H4HDTS",
    "host_name": "Test_MacBook_Pro",
    "osversion": "Version 12.4 (Build 21F79)",
    "host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115"
  },
  "key": "5C82F3B7-8AC1-4810-A9E5-067C27907610",
  "return": {
    "error": 0,
    "description": "success",
    "return_value": 0
  },
  "subject": {
    "session_id": 100003,
    "group_id": 0,
    "process_name": "",
    "effective_user_name": "root",
    "user_id": 0,
    "group_name": "wheel",
    "parent_uuid": "",
    "uuid": "79997063-82EE-49EA-A394-9CE6D66C2771",
    "effective_group_id": 0,
    "process_hash": "",
    "audit_id": 501,
    "responsible_process_id": 0,
    "process_id": 0,
    "parent_path": "",
    "effective_group_name": "wheel",
    "audit_user_name": "test",
    "effective_user_id": 0,
    "terminal_id": {
      "type": 4,
      "ip_address": "0.0.0.0",
      "port": 50331650
    },
    "responsible_process_name": "",
    "user_name": "root"
  }
}