ESXi System Information Discovery Via ESXCLI (e80273e1-9faf-40bc-bd85-dbaff104c4e9)

Detects execution of the "esxcli" command with the "system" flag to retrieve information about different components of the system, such as accounts, modules, NTP, etc.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| ESXi System Information Discovery Via ESXCLI (e80273e1-9faf-40bc-bd85-dbaff104c4e9) | Sigma-Rules | System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | 1 |
| ESXi System Information Discovery Via ESXCLI (e80273e1-9faf-40bc-bd85-dbaff104c4e9) | Sigma-Rules | System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | 1 |