Cron Jobs
Overview
Evidence: Cron Jobs
Description: Collect cron jobs
Category: System
Platform: aix
Short Name: cronj
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Cron jobs on AIX systems are scheduled tasks that run automatically at specified times or intervals. This data is essential for understanding system automation, detecting unauthorized scheduled tasks, and investigating time-based security incidents. Cron jobs provide evidence of automated processes, maintenance tasks, and potential persistence mechanisms used by attackers.
Data Collected
This collector gathers structured data about cron jobs.
Cron Jobs Data
| Field | Description | Example |
|---|---|---|
| Minute | Minute | Example value |
| Hour | Hour | Example value |
| DayOfMonth | Day Of Month | Example value |
| Month | Month | Example value |
| DayOfWeek | Day Of Week | Example value |
| Command | Command | Example value |
| Path | Path | Example value |
| Event | Event | Example value |
Collection Method
This collector parses the necessary data from cron configuration files.
Forensic Value
This evidence is crucial for forensic investigations as it provides information about scheduled tasks and automated processes on AIX systems. It helps investigators understand system automation, detect unauthorized scheduled tasks, and investigate time-based attacks. The data can reveal maintenance schedules, automated processes, and potential persistence mechanisms. Analysts can use this information to identify suspicious scheduled tasks, trace automated activities, and assess AIX system security posture.
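The parsing described under Collection Method and the triage described under Forensic Value, as an added example that is not the collector's own code: it splits a crontab's text into the Minute, Hour, DayOfMonth, Month, DayOfWeek, Command and Path fields from the table above and flags commands that run from temporary directories. The sample crontab, the path, the function names, the time-field grammar and the temp-directory heuristic are assumptions; the Event field is left out because the page does not define it.

```python
import re

# Constructed sample of an AIX user crontab; not taken from any real system.
SAMPLE = """\
# backup rotation
0 2 * * 0 /usr/local/bin/rotate_backups.sh >/dev/null 2>&1
0,30 * * * * /tmp/.x/update
*/0 bad line
15 3 1 * * /usr/bin/errclear -d S,O 30
"""

FIELDS = ("Minute", "Hour", "DayOfMonth", "Month", "DayOfWeek", "Command")
# Assumed triage heuristic: commands under world-writable temp directories.
TEMP_PATH = re.compile(r"(^|[\s;|&])/(tmp|var/tmp)/")
# Assumed time-field grammar: "*" or comma-separated numbers / ranges.
TIME_FIELD = re.compile(r"^(\*|\d+(-\d+)?(,\d+(-\d+)?)*)$")

def parse_crontab(text, path):
    """Return (records, skipped) for one crontab file's text."""
    records, skipped = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Five time fields, then the rest of the line is the command.
        parts = line.split(None, 5)
        if len(parts) < 6 or not all(TIME_FIELD.match(p) for p in parts[:5]):
            skipped.append((lineno, raw))  # keep malformed lines for review
            continue
        rec = dict(zip(FIELDS, parts))
        rec["Path"] = path  # source file the entry came from
        records.append(rec)
    return records, skipped

def flag_temp_commands(records):
    """Records whose command references a temp directory."""
    return [r for r in records if TEMP_PATH.search(r["Command"])]

if __name__ == "__main__":
    # The path is a sample value supplied by the caller.
    recs, bad = parse_crontab(SAMPLE, "/var/spool/cron/crontabs/root")
    for r in recs:
        print(r)
    print("skipped:", bad)
    print("flagged:", [r["Command"] for r in flag_temp_commands(recs)])
```

Malformed lines are returned separately rather than dropped, so an entry that a parser cannot read still reaches the analyst.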