AUE_modify_user

Documentación de implementación sin conexión de Jamf Protect

Modify User (Modificar usuario)
Este evento se genera cuando un proceso hace una llamada al sistema para modificar una cuenta de usuario existente, como cuando se cambia el directorio de inicio de un usuario.
Log Level (Nivel de registro): 1
Requiere ajuste detallado: No

Ejemplo de AUE_modify_user

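Este es un ejemplo de registro de telemetría para un evento de modificación de usuario. Al revisarlo, el campo `texts` indica la cuenta modificada ('baddie', en el nodo '/Local/Default') y el atributo cambiado ('dsAttrTypeStandard:MCXSettings'); `subject` identifica el proceso y el usuario que originaron el cambio, y `return` indica si la operación tuvo éxito.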

{
  "exec_chain": {
    "uuid": "F6095AEA-C5CB-4AAB-8FC7-70B9D454319E"
  },
  "exec_chain_child": {
    "parent_path": "/sbin/launchd",
    "parent_pid": 1,
    "parent_uuid": "4AB281FE-6D4A-4E79-8508-E91FCA39BA02"
  },
  "header": {
    "time_seconds_epoch": 1657906179,
    "time_milliseconds_offset": 855,
    "version": 11,
    "event_modifier": 0,
    "event_id": 6208,
    "event_name": "AUE_modify_user"
  },
  "host_info": {
    "serial_number": "C03WG0H4HDTS",
    "host_name": "Test_MacBook_Pro",
    "osversion": "Version 12.4 (Build 21F79)",
    "host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115"
  },
  "identity": {
    "signer_id": "com.apple.opendirectoryd",
    "team_id_truncated": false,
    "signer_id_truncated": false,
    "cd_hash": "68d22bdec020f20010bfa9d27cd5f69d78427636",
    "team_id": "",
    "signer_type": 1
  },
  "key": "A11E1089-D89E-4A5C-A3EF-C1A8F8B8F27F",
  "return": {
    "error": 0,
    "description": "success",
    "return_value": 0
  },
  "subject": {
    "session_id": 100003,
    "group_id": 20,
    "process_name": "/System/Library/PreferencePanes/Accounts.prefPane/Contents/XPCServices/com.apple.preferences.users.remoteservice.xpc/Contents/MacOS/com.apple.preferences.users.remoteservice",
    "parent_pid": 1,
    "effective_user_name": "jamf",
    "user_id": 501,
    "group_name": "staff",
    "parent_uuid": "4AB281FE-6D4A-4E79-8508-E91FCA39BA02",
    "uuid": "F6095AEA-C5CB-4AAB-8FC7-70B9D454319E",
    "effective_group_id": 20,
    "process_hash": "507494616e05a5eb909794354fe69f29e432f2a7",
    "audit_id": 501,
    "responsible_process_id": 1391,
    "parent_path": "/sbin/launchd",
    "process_id": 1701,
    "effective_group_name": "staff",
    "audit_user_name": "jamf",
    "effective_user_id": 501,
    "terminal_id": {
      "type": 4,
      "ip_address": "0.0.0.0",
      "port": 4278
    },
    "responsible_process_name": "/System/Applications/System Preferences.app/Contents/MacOS/System Preferences",
    "user_name": "jamf"
  },
  "texts": [
    "Set values for record type Users 'baddie' node '/Local/Default', attribute = 'dsAttrTypeStandard:MCXSettings', value(s) = ''"
  ]
}