AUE_SETTIMEOFDAY

Documentación de implementación sin conexión de Jamf Protect

Set Time of Day (Definir hora del día)
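Este evento se genera cuando un proceso realiza una llamada para definir la hora del sistema. Cualquier proceso que no sea de Apple y realice esta llamada se considera inusual y puede indicar una manipulación de la hora del sistema, ya que un cambio en el reloj afecta a las marcas de tiempo con las que se correlacionan los demás registros.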
Log Level (Nivel de registro)
1
Requiere ajuste detallado.
No

Ejemplo de AUE_SETTIMEOFDAY

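Este es un ejemplo de registro de telemetría para un evento de definición de la hora del día. En él, el proceso que realiza la llamada es /usr/libexec/timed (campo "process_name" de "subject"), con el identificador de firma com.apple.timed (campo "signer_id" de "identity"), por lo que corresponde al caso esperado de un proceso de Apple. Al revisar estos eventos, conviene comparar esos dos campos con los valores esperados.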

{
  "exec_chain": {
    "uuid": "F9E8BB53-C0FE-4364-B207-32B49B5F1B11"
  },
  "exec_chain_child": {
    "parent_path": "/sbin/launchd",
    "parent_pid": 1,
    "parent_uuid": "4AB281FE-6D4A-4E79-8508-E91FCA39BA02"
  },
  "header": {
    "time_seconds_epoch": 1657906936,
    "time_milliseconds_offset": 472,
    "version": 11,
    "event_modifier": 0,
    "event_id": 37,
    "event_name": "AUE_SETTIMEOFDAY"
  },
  "host_info": {
    "serial_number": "C03WG0H4HDTS",
    "host_name": "Test_MacBook_Pro",
    "osversion": "Version 12.4 (Build 21F79)",
    "host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115"
  },
  "identity": {
    "signer_id": "com.apple.timed",
    "team_id_truncated": false,
    "signer_id_truncated": false,
    "cd_hash": "441bb13cc4ac8faff3df972f92e85fb8fba9a57f",
    "team_id": "",
    "signer_type": 1
  },
  "key": "8EFA4591-B518-4D5B-8C80-125134E8B360",
  "return": {
    "error": 0,
    "description": "success",
    "return_value": 0
  },
  "subject": {
    "session_id": 100000,
    "group_id": 266,
    "process_name": "/usr/libexec/timed",
    "parent_pid": 1,
    "effective_user_name": "_timed",
    "user_id": 266,
    "group_name": "_timed",
    "parent_uuid": "4AB281FE-6D4A-4E79-8508-E91FCA39BA02",
    "uuid": "F9E8BB53-C0FE-4364-B207-32B49B5F1B11",
    "effective_group_id": 266,
    "process_hash": "0ff0ee33f41cdd8ac7775b6f080cb01dd304211c",
    "audit_id": 4294967295,
    "responsible_process_id": 115,
    "parent_path": "/sbin/launchd",
    "process_id": 115,
    "effective_group_name": "_timed",
    "audit_user_name": "",
    "effective_user_id": 266,
    "terminal_id": {
      "type": 4,
      "ip_address": "0.0.0.0",
      "port": 0
    },
    "responsible_process_name": "/usr/libexec/timed",
    "user_name": "_timed"
  }
}