Skip to content

Hide Navigation Hide TOC

ESXi VM List Discovery Via ESXCLI (5f1573a7-363b-4114-9208-ad7a61de46eb)

Detects execution of the "esxcli" command with the "vm" flag in order to retrieve information about the installed VMs.

Cluster A Galaxy A Cluster B Galaxy B Level
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern ESXi VM List Discovery Via ESXCLI (5f1573a7-363b-4114-9208-ad7a61de46eb) Sigma-Rules 1
ESXi VM List Discovery Via ESXCLI (5f1573a7-363b-4114-9208-ad7a61de46eb) Sigma-Rules System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) Attack Pattern 1