Networks

Overview

Evidence: Networks
Description: ESXi Networks for all Virtual Machines
Category: Network
Platform: esxi
Short Name: ntwk
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

ESXi VM network summaries describe port groups, accessibility, and IP pool associations, providing a view of virtual networking and connectivity.

Data Collected

This collector gathers structured data about networks.

Networks Data

Field	Description	Example
`AccessTime`	Access Time	2023-10-15 14:30:25+03:00
`AccessCount`	Access Count	123
`URL`	URL	Example value
`Browser`	Browser	Example value
`Title`	Title	Example value
`VisitDuration`	Visit Duration	Example value
`Referrer`	Referrer	Example value
`TypedCount`	Typed Count	123
`IsHidden`	Is Hidden	true
`TransitionType`	Transition Type	Example value
`VisitID`	Visit ID	123
`TransitionQualifiers`	Transition Qualifiers	Example value
`User`	User	Example value
`Profile`	Profile	Example value
`HistoryFilePath`	History File Path	Example value

Collection Method

This collector parses vim-cmd vmsvc/get.networks output captured in a text file, extracting network records for each VM.

Forensic Value

Network mappings support scoping of east-west traffic, identifying exposed segments, and correlating VM communications during incident response.