AUE_EXECVE

Documentation relative au déploiement hors ligne de Jamf Protect

Exécution d’un nouveau programme
Cet évènement est généré lorsqu’un processus effectue un appel système pour exécuter un nouveau programme ou un script.
Log Level (Niveau du journal)
1*
Requiert l’option Verbose (Détaillé)
Non

AUE_EXECVE Example

Exemple de journal de télémétrie pour l’exécution d’un nouveau programme : ici, `fdesetup list` est lancé via `sudo` (voir `exec_chain_child.parent_path`) par l’utilisateur audité « jamf » (`subject.audit_user_name`) dans une session SSH (`subject.responsible_process_name`), avec un utilisateur effectif `root`.

{
  "attributes": {
    "device": 0,
    "owner_group_name": "wheel",
    "owner_user_id": 0,
    "owner_user_name": "root",
    "file_system_id": 16777224,
    "file_access_mode": 33261,
    "node_id": 900554,
    "owner_group_id": 0
  },
  "exec_args": {
    "args_compiled": "fdesetup,list",
    "args": {
      "1": "fdesetup",
      "2": "list"
    }
  },
  "exec_chain": {
    "uuid": "DCA8F223-47E5-4EE6-B506-44E08E07D667"
  },
  "exec_chain_child": {
    "parent_path": "/usr/bin/sudo",
    "parent_pid": 1900,
    "parent_uuid": "4AD27D08-22C6-46C5-9E1B-27E9CCD4772C"
  },
  "header": {
    "time_seconds_epoch": 1657906950,
    "time_milliseconds_offset": 502,
    "version": 11,
    "event_modifier": 0,
    "event_id": 23,
    "event_name": "AUE_EXECVE"
  },
  "host_info": {
    "serial_number": "C03WG0H4HDTS",
    "host_name": "Test_MacBook_Pro",
    "osversion": "Version 12.4 (Build 21F79)",
    "host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115"
  },
  "identity": {
    "signer_id": "com.apple.sudo",
    "team_id_truncated": false,
    "signer_id_truncated": false,
    "cd_hash": "0ac575ab24928a434237b2dc3a0bbbb7c375b78f",
    "team_id": "",
    "signer_type": 1
  },
  "key": "CC0EB939-E654-4330-9D75-AC6BFE7F139B",
  "path": [
    "/usr/bin/fdesetup",
    "/usr/bin/fdesetup"
  ],
  "return": {
    "error": 0,
    "description": "success",
    "return_value": 0
  },
  "subject": {
    "session_id": 1770,
    "group_id": 0,
    "process_name": "/usr/bin/fdesetup",
    "parent_pid": 1900,
    "effective_user_name": "root",
    "user_id": 0,
    "group_name": "wheel",
    "parent_uuid": "4AD27D08-22C6-46C5-9E1B-27E9CCD4772C",
    "uuid": "DCA8F223-47E5-4EE6-B506-44E08E07D667",
    "effective_group_id": 0,
    "process_hash": "4280f574eff8d5a6dcc2d355c26f6069871fc4d2",
    "audit_id": 501,
    "responsible_process_id": 1770,
    "parent_path": "/usr/bin/sudo",
    "process_id": 1901,
    "effective_group_name": "wheel",
    "audit_user_name": "jamf",
    "effective_user_id": 0,
    "terminal_id": {
      "type": 16,
      "ip_address": "::1",
      "port": 49727
    },
    "responsible_process_name": "/usr/sbin/sshd",
    "user_name": "root"
  }
}