# Advanced Configuration

## Overview

**Evidence:** Advanced Configuration\
**Description:** ESXi Advanced Configuration\
**Category:** System\
**Platform:** esxi\
**Short Name:** advconf\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

ESXi advanced configuration settings control low-level hypervisor behavior, security policies, and system parameters. Because these settings can be modified to weaken security, enable backdoors, or alter logging behavior, they are valuable evidence for detecting unauthorized system modifications.

## Data Collected

This collector gathers structured data about advanced configuration.

### Advanced Configuration Data

| Field                  | Description           | Example                   |
| ---------------------- | --------------------- | ------------------------- |
| `AccessTime`           | Access Time           | 2023-10-15 14:30:25+03:00 |
| `AccessCount`          | Access Count          | 123                       |
| `URL`                  | URL                   | Example value             |
| `Browser`              | Browser               | Example value             |
| `Title`                | Title                 | Example value             |
| `VisitDuration`        | Visit Duration        | Example value             |
| `Referrer`             | Referrer              | Example value             |
| `TypedCount`           | Typed Count           | 123                       |
| `IsHidden`             | Is Hidden             | true                      |
| `TransitionType`       | Transition Type       | Example value             |
| `VisitID`              | Visit ID              | 123                       |
| `TransitionQualifiers` | Transition Qualifiers | Example value             |
| `User`                 | User                  | Example value             |
| `Profile`              | Profile               | Example value             |
| `HistoryFilePath`      | History File Path     | Example value             |

## Collection Method

This collector parses the advanced configuration file containing key-value pairs of ESXi system settings, extracting configuration parameter names and their corresponding values as defined in the host's advanced options.

## Forensic Value

Advanced configuration analysis reveals security policy changes, unauthorized parameter modifications, and potential indicators of compromise. Comparing settings against baselines helps detect malicious configuration changes, disabled security features, or altered logging that may hide attacker activities.
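
The baseline comparison described above, applied to the key-value pairs mentioned under Collection Method, as an added example that is not part of the collector or the original page. It assumes the settings are available as `Key = Value` lines, which is not necessarily the collector's real output format; the sample values are constructed and `Example.ConstructedOption` is a placeholder name.

```python
# Added example: compare collected ESXi advanced settings with a baseline.
# Assumption: settings are available as "Key = Value" lines; this is not the
# collector's real output format. All sample values below are constructed.

BASELINE = """\
Syslog.global.logHost = tcp://loghost.example.internal:514
UserVars.ESXiShellTimeOut = 900
UserVars.SuppressShellWarning = 0
Security.AccountLockFailures = 5
Security.PasswordQualityControl = retry=3 min=disabled,disabled,disabled,7,7
"""

COLLECTED = """\
Syslog.global.logHost =
UserVars.ESXiShellTimeOut = 0
UserVars.SuppressShellWarning = 1
Security.PasswordQualityControl = retry=3 min=disabled,disabled,disabled,7,7
Example.ConstructedOption = 1
"""  # Example.ConstructedOption is a placeholder, not a real ESXi option

def parse_settings(text):
    """Parse 'Key = Value' lines; only the first '=' separates key and value."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {lineno}: not a key/value pair: {raw!r}")
        settings[key.strip()] = value.strip()
    return settings

def diff_against_baseline(baseline, collected):
    """Return (status, key, expected, actual) for every deviating setting."""
    findings = []
    for key in sorted(baseline.keys() | collected.keys()):
        expected, actual = baseline.get(key), collected.get(key)
        if expected == actual:
            continue
        status = ("missing" if actual is None
                  else "unexpected" if expected is None else "changed")
        findings.append((status, key, expected, actual))
    return findings

if __name__ == "__main__":
    for f in diff_against_baseline(parse_settings(BASELINE), parse_settings(COLLECTED)):
        print(*f, sep="\t")
```

In this constructed sample the emptied remote log host, the disabled shell timeout, and the suppressed shell warning surface as `changed`, which are the kinds of deviation the paragraph above refers to as disabled security features or altered logging.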
