Advanced Settings
Overview
Evidence: Advanced Settings
Description: ESXi Advanced Settings
Category: System
Platform: esxi
Short Name: advsettings
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
ESXi advanced settings provide granular control over hypervisor behavior, including security policies, resource allocation, logging verbosity, and feature toggles. These settings can be weaponized by attackers to weaken security, disable logging, or modify system behavior for persistence.
Data Collected
This collector gathers structured data about advanced settings.
Advanced Settings Data
| Field | Description | Example |
|---|---|---|
| AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
| AccessCount | Access Count | 123 |
| URL | URL | Example value |
| Browser | Browser | Example value |
| Title | Title | Example value |
| VisitDuration | Visit Duration | Example value |
| Referrer | Referrer | Example value |
| TypedCount | Typed Count | 123 |
| IsHidden | Is Hidden | true |
| TransitionType | Transition Type | Example value |
| VisitID | Visit ID | 123 |
| TransitionQualifiers | Transition Qualifiers | Example value |
| User | User | Example value |
| Profile | Profile | Example value |
| HistoryFilePath | History File Path | Example value |
Collection Method
This collector parses advanced system settings, extracting configuration keys, current values, default values, and setting descriptions from the ESXi advanced options database.
Forensic Value
Advanced settings analysis reveals security weakening modifications, identifies disabled security features, detects altered logging configurations that hide attacker activity, and exposes non-standard settings that may indicate compromise. Comparing against security baselines highlights suspicious deviations.
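The baseline comparison described above, as an added example (not the collector's own code). It assumes the settings are available in the text layout printed by `esxcli system settings advanced list`; the sample records and the `BASELINE` values are constructed for illustration.

```python
import re

# Constructed sample in the text layout of `esxcli system settings advanced list`
# (assumed input format; the values are illustrative, not from a real host).
SAMPLE = """\
   Path: /UserVars/SuppressShellWarning
   Type: integer
   Int Value: 1
   Default Int Value: 0

   Path: /UserVars/ESXiShellTimeOut
   Type: integer
   Int Value: 0
   Default Int Value: 0

   Path: /Syslog/global/logHost
   Type: string
   String Value: udp://192.0.2.10:514
   Default String Value:

   Path: /Mem/ShareForceSalting
   Type: integer
   Int Value: 2
   Default Int Value: 2
"""
# Hypothetical site baseline (path -> expected value); use your own hardening standard.
BASELINE = {"/UserVars/SuppressShellWarning": "0", "/UserVars/ESXiShellTimeOut": "900"}

def parse_settings(text):
    """Split blank-line separated records into dicts keyed by field name."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # partition() splits on the first colon only, so values may contain ':'
        fields = (line.partition(":") for line in block.splitlines())
        records.append({k.strip(): v.strip() for k, _, v in fields})
    return records

def review(records, baseline=BASELINE):
    """Map each flagged path to the reasons it deserves an analyst's attention."""
    findings = {}
    for rec in records:
        kind = "Int" if rec.get("Type") == "integer" else "String"
        cur, default = rec.get(f"{kind} Value", ""), rec.get(f"Default {kind} Value", "")
        reasons = ["differs-from-default"] if cur != default else []
        expected = baseline.get(rec.get("Path"))
        if expected is not None and cur != expected:
            reasons.append("baseline-mismatch")
        if reasons:
            findings[rec["Path"]] = reasons
    return findings
```

A setting can match its default and still fail the baseline, as `/UserVars/ESXiShellTimeOut` does here, which is why the two checks are reported separately.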