Permission Info
Overview
Evidence: Permission Info
Description: ESXi Permission Info
Category: System
Platform: esxi
Short Name: perminfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Permission information defines user and group access rights to ESXi resources, VMs, datastores, and management functions. Permission assignments control what actions users can perform and are frequently targeted for privilege escalation or for establishing persistence.
Data Collected
This collector gathers structured data about permission info.
Permission Info Data
| Field | Description | Example |
|---|---|---|
| Principal | Principal | Example value |
| IsGroup | Is Group | Example value |
| RoleName | Role Name | Example value |
| RoleDescription | Role Description | Example value |
Collection Method
This collector parses permission assignments, extracting user/group identifiers, assigned roles, permission levels, resource targets (VMs, hosts, datastores), inheritance settings, and effective permissions for each access control entry.
Forensic Value
Permission analysis reveals unauthorized privilege grants, identifies excessive permissions, detects role assignment anomalies, and traces access control modifications. Unexpected permission changes or overly broad grants indicate potential compromise or insider threat activity.
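One way to triage the parsed fields against a known-good baseline, as an added example that is not part of the product or its documentation. It assumes the records are available as CSV with the four field names from the table above; the sample rows, the baseline and the `triage` helper are constructed for illustration.

```python
import csv
import io

# Constructed sample rows using the collector's field names; not real output.
SAMPLE_CSV = """Principal,IsGroup,RoleName,RoleDescription
root,false,Admin,Full access rights
dcui,false,Admin,Full access rights
vpxuser,false,ReadOnly,See details of objects but not make changes
svc-backup,false,Admin,Full access rights
LAB\\esx-operators,true,Admin,Full access rights
auditor,false,ReadOnly,See details of objects but not make changes
"""

# Assumed known-good baseline for this host: principal -> expected role.
BASELINE = {"root": "Admin", "dcui": "Admin", "vpxuser": "Admin",
            "auditor": "ReadOnly"}
PRIVILEGED_ROLES = {"Admin"}  # assumption: roles treated as high privilege


def triage(csv_text, baseline=BASELINE):
    """Return sorted (principal, finding) pairs for entries that differ from the baseline."""
    findings = []
    seen = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        principal = row["Principal"].strip()
        role = row["RoleName"].strip()
        is_group = row["IsGroup"].strip().lower() in ("true", "yes", "1")
        seen.add(principal)
        expected = baseline.get(principal)
        if expected is None:
            if role in PRIVILEGED_ROLES:
                kind = "group" if is_group else "user"
                findings.append((principal, f"unbaselined {kind} holds {role}"))
            else:
                findings.append((principal, f"unbaselined principal with {role}"))
        elif expected != role:
            findings.append((principal, f"role changed: {expected} -> {role}"))
    # A baselined account that vanished is also an access control modification.
    for principal in baseline.keys() - seen:
        findings.append((principal, "baselined principal missing"))
    return sorted(findings)


if __name__ == "__main__":
    for principal, finding in triage(SAMPLE_CSV):
        print(f"{principal}: {finding}")
```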