Security Policy Domain
Overview
Evidence: Security Policy Domain
Description: ESXi Security Policy Domain
Category: System
Platform: esxi
Short Name: secpoldomain
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Security policy domains define access control, authentication, and authorization rules for ESXi resources. These policies govern who can access what resources and with what privileges, making them critical for understanding security boundaries and detecting privilege escalation or unauthorized access.
Data Collected
This collector gathers structured data about security policy domains.
Security Policy Domain Data
| Field | Description | Example |
|---|---|---|
| DomainName | Domain Name | Example value |
| EnforcementLevel | Enforcement Level | Example value |
Collection Method
This collector parses security policy domain configurations, extracting domain names, role assignments, permission sets, user and group mappings, and access control rules for each configured security domain.
Forensic Value
Security policy analysis reveals unauthorized privilege escalations, identifies overly permissive access grants, detects policy violations, and exposes security weakening modifications. Comparing policies against security baselines helps identify compromise indicators and unauthorized access enablement.
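As an added example (not part of this evidence page and not the collector's own code), the following Python shows the baseline comparison described above applied to the two fields in the data table, DomainName and EnforcementLevel. The record line format, the enforcement-level vocabulary (`permissive` < `audit` < `enforce`), the sample records and the baseline are all constructed for the example and are not ESXi values; the point is the three checks an analyst wants from such a comparison: a domain whose enforcement was weakened, a domain that is not in the baseline, and a baseline domain that is no longer present.

```python
"""Baseline comparison for Security Policy Domain records (added example).

Record shape (DomainName, EnforcementLevel) follows the collector's data
table; the line format, level vocabulary, sample output and baseline below
are constructed for this example, not real ESXi data.
"""
from dataclasses import dataclass

# Constructed ordering of enforcement levels: a higher rank is stricter.
LEVEL_RANK = {"permissive": 0, "audit": 1, "enforce": 2}

# Constructed collector output, one record per line.
SAMPLE_OUTPUT = """\
DomainName=hostd-admin;EnforcementLevel=enforce
DomainName=shell-access;EnforcementLevel=permissive
DomainName=backup-ops;EnforcementLevel=audit
"""

# Constructed baseline: expected enforcement level per known domain.
BASELINE = {
    "hostd-admin": "enforce",
    "shell-access": "enforce",
    "vm-ops": "audit",
}


@dataclass(frozen=True)
class Finding:
    domain: str
    kind: str    # weakened | unexpected_domain | missing_domain | unknown_level
    detail: str


def parse_record(line):
    """Parse one 'Key=Value;Key=Value' record line into a dict."""
    fields = {}
    for part in line.strip().split(";"):
        if not part:
            continue
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def parse_output(text):
    """Parse the collector output into a list of record dicts, skipping blank lines."""
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def compare_to_baseline(records, baseline):
    """Return findings where collected policy domains diverge from the baseline."""
    findings = []
    seen = set()
    for rec in records:
        name = rec.get("DomainName", "")
        level = rec.get("EnforcementLevel", "").lower()
        seen.add(name)
        if level not in LEVEL_RANK:
            # Unknown vocabulary is itself worth a look rather than silently ignored.
            findings.append(Finding(name, "unknown_level",
                                    f"unrecognised EnforcementLevel {level!r}"))
            continue
        if name not in baseline:
            findings.append(Finding(name, "unexpected_domain",
                                    "domain not present in baseline"))
            continue
        expected = baseline[name]
        if LEVEL_RANK[level] < LEVEL_RANK[expected]:
            findings.append(Finding(name, "weakened", f"{expected} -> {level}"))
    # Domains the baseline expects but the collector did not report.
    for name in baseline:
        if name not in seen:
            findings.append(Finding(name, "missing_domain",
                                    "present in baseline but not collected"))
    return findings


def analyse_sample():
    """Run the comparison over the constructed sample and baseline."""
    return compare_to_baseline(parse_output(SAMPLE_OUTPUT), BASELINE)


if __name__ == "__main__":
    for f in analyse_sample():
        print(f"{f.kind:18} {f.domain:14} {f.detail}")
```

On the constructed sample this reports `shell-access` as weakened (enforce to permissive), `backup-ops` as a domain absent from the baseline, and `vm-ops` as a baseline domain the collector did not return; `hostd-admin` matches and produces no finding. Strengthened enforcement is deliberately not flagged, since the forensic question here is weakening, not hardening.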