Account Info
Overview
Evidence: Account Info
Description: ESXi Account Info
Category: System
Platform: esxi
Short Name: accinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Local ESXi accounts define administrative and service access to the hypervisor. Enumerating them supports auditing and detection of unauthorized users.
Data Collected
This collector gathers structured data about account info.
Account Info Data
| Field | Description | Example |
|---|---|---|
| AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
| AccessCount | Access Count | 123 |
| URL | URL | Example value |
| Browser | Browser | Example value |
| Title | Title | Example value |
| VisitDuration | Visit Duration | Example value |
| Referrer | Referrer | Example value |
| TypedCount | Typed Count | 123 |
| IsHidden | Is Hidden | true |
| TransitionType | Transition Type | Example value |
| VisitID | Visit ID | 123 |
| TransitionQualifiers | Transition Qualifiers | Example value |
| User | User | Example value |
| Profile | Profile | Example value |
| HistoryFilePath | History File Path | Example value |
Collection Method
This collector parses esxcli system account list output captured in a text file to enumerate local user accounts and descriptions.
Forensic Value
Account inventories enable validation against policy, detection of rogue accounts, and correlation with authentication events.
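
An added example, not the collector's own code or part of the original page: a minimal parser for a captured `esxcli system account list` text file that flags accounts missing from a policy baseline. The sample output, its two-column layout with a dashed header rule, the `svc_bkp` account and the baseline set are constructed assumptions.

```python
# Constructed sample of the captured text file; the two-column layout with a
# dashed rule under the header is an assumption about the esxcli output format.
SAMPLE = """\
User ID   Description
--------  -------------------------------------------
root      Administrator
dcui      DCUI User
vpxuser   VMware VirtualCenter administration account
svc_bkp
"""

# Hypothetical policy baseline of accounts expected on this host.
BASELINE = {"root", "dcui", "vpxuser"}


def parse_accounts(text):
    """Return a list of {'user_id', 'description'} dicts from the table text."""
    lines = [ln.rstrip("\r\n") for ln in text.splitlines() if ln.strip()]
    # Locate the dashed rule; its runs of '-' give the column boundaries.
    rule_idx = next(
        (i for i, ln in enumerate(lines) if set(ln.strip()) <= {"-", " "}),
        None,
    )
    if rule_idx is None or rule_idx == 0:
        raise ValueError("no header rule found; not esxcli table output")
    rule = lines[rule_idx]
    starts = [i for i, ch in enumerate(rule) if ch == "-" and (i == 0 or rule[i - 1] != "-")]
    accounts = []
    for ln in lines[rule_idx + 1:]:
        # Slice by column start so descriptions containing spaces stay intact;
        # the last column runs to end of line and may be empty.
        cells = [ln[s:e].strip() for s, e in zip(starts, starts[1:] + [None])]
        accounts.append({"user_id": cells[0], "description": cells[1] if len(cells) > 1 else ""})
    return accounts


def unexpected_accounts(accounts, baseline):
    """Accounts present on the host but absent from the baseline, sorted by name."""
    return sorted(a["user_id"] for a in accounts if a["user_id"] not in baseline)


if __name__ == "__main__":
    parsed = parse_accounts(SAMPLE)
    for acct in parsed:
        print(f"{acct['user_id']:<10} {acct['description']}")
    print("not in baseline:", unexpected_accounts(parsed, BASELINE))
```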