Kernel Info

Overview

Evidence: Kernel Info
Description: ESXi Kernel Info
Category: System
Platform: esxi
Short Name: kerninfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

ESXi kernel (VMkernel) information provides details about the hypervisor’s core operating system layer, including version, build numbers, and loaded modules. Kernel information is essential for identifying vulnerable versions, detecting unauthorized kernel modifications, and validating patch levels.

Data Collected

This collector gathers structured data about kernel info.

Kernel Info Data

Field	Description	Example
`AccessTime`	Access Time	2023-10-15 14:30:25+03:00
`AccessCount`	Access Count	123
`URL`	URL	Example value
`Browser`	Browser	Example value
`Title`	Title	Example value
`VisitDuration`	Visit Duration	Example value
`Referrer`	Referrer	Example value
`TypedCount`	Typed Count	123
`IsHidden`	Is Hidden	true
`TransitionType`	Transition Type	Example value
`VisitID`	Visit ID	123
`TransitionQualifiers`	Transition Qualifiers	Example value
`User`	User	Example value
`Profile`	Profile	Example value
`HistoryFilePath`	History File Path	Example value

Collection Method

This collector parses kernel information files, extracting VMkernel version strings, build identifiers, release information, and compilation timestamps from ESXi kernel metadata sources.

Forensic Value

Kernel version data helps identify known vulnerabilities, validate patch compliance, and detect version inconsistencies that may indicate rootkit installation or system tampering. Build information also assists in timeline reconstruction and verifying legitimate system updates versus malicious modifications.