AUE_modify_group

Documentation relative au déploiement hors ligne de Jamf Protect
Solution
Application
Content Type
Documentation technique
Utilities & Services
ft:locale
fr-FR
Modification d’un groupe
Cet évènement est généré lorsqu’un processus effectue un appel système pour modifier un groupe existant, par exemple en modifiant le nom du groupe ou sa composition.
Log Level (Niveau du journal)
1
Requiert l’option Verbose (Détaillé)
Non

AUE_modify_group Example

Exemple de journal de télémétrie pour la modification d’un groupe.

{
  "exec_chain": {
    "uuid": "10837AD2-6036-4B34-9011-81BC6649D4B8"
  },
  "exec_chain_child": {
    "parent_path": "/sbin/launchd",
    "parent_pid": 1,
    "parent_uuid": "4AB281FE-6D4A-4E79-8508-E91FCA39BA02"
  },
  "header": {
    "time_seconds_epoch": 1657906177,
    "time_milliseconds_offset": 177,
    "version": 11,
    "event_modifier": 0,
    "event_id": 45017,
    "event_name": "AUE_modify_group"
  },
  "host_info": {
    "serial_number": "C03WG0H4HDTS",
    "host_name": "Test_MacBook_Pro",
    "osversion": "Version 12.4 (Build 21F79)",
    "host_uuid": "8891C1E2-0AC0-4E4A-844B-EA491B14D115"
  },
  "identity": {
    "signer_id": "com.apple.opendirectoryd",
    "team_id_truncated": false,
    "signer_id_truncated": false,
    "cd_hash": "68d22bdec020f20010bfa9d27cd5f69d78427636",
    "team_id": "",
    "signer_type": 1
  },
  "key": "C90550CA-3AE9-4F1B-BA54-BEA5AE7A1C06",
  "return": {
    "error": 0,
    "description": "success",
    "return_value": 0
  },
  "subject": {
    "session_id": 100115,
    "group_id": 0,
    "process_name": "/System/Library/PrivateFrameworks/SharePointManagement.framework/XPCServices/SharePointManagementService.xpc/Contents/MacOS/SharePointManagementService",
    "parent_pid": 1,
    "effective_user_name": "root",
    "user_id": 0,
    "group_name": "wheel",
    "parent_uuid": "4AB281FE-6D4A-4E79-8508-E91FCA39BA02",
    "uuid": "10837AD2-6036-4B34-9011-81BC6649D4B8",
    "effective_group_id": 0,
    "process_hash": "b7669ee6de74d11ede0cfe9656986983a2f50fb7",
    "audit_id": 4294967295,
    "responsible_process_id": 343,
    "parent_path": "/sbin/launchd",
    "process_id": 1721,
    "effective_group_name": "wheel",
    "audit_user_name": "",
    "effective_user_id": 0,
    "terminal_id": {
      "type": 4,
      "ip_address": "0.0.0.0",
      "port": 4331
    },
    "responsible_process_name": "/System/Library/PrivateFrameworks/SystemAdministration.framework/XPCServices/writeconfig.xpc/Contents/MacOS/writeconfig",
    "user_name": "root"
  },
  "texts": [
    "Set values for record type SharePoints 'baddie\u2019s Public Folder' node '/Local/Default', attribute = 'dsAttrTypeStandard:GeneratedUID', value(s) = '4C549E72-BD5C-4A4F-A947-D309D79AFECF'"
  ]
}