Advanced Configuration

Overview

Evidence: Advanced Configuration
Description: ESXi Advanced Configuration
Category: System
Platform: esxi
Short Name: advconf
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

ESXi advanced configuration settings control low-level hypervisor behavior, security policies, and system parameters. These settings can be modified to weaken security, enable backdoors, or alter logging behavior, making them valuable for detecting unauthorized system modifications.

Data Collected

This collector gathers structured data about advanced configuration.

Advanced Configuration Data

Field                  Description            Example
AccessTime             Access Time            2023-10-15 14:30:25+03:00
AccessCount            Access Count           123
URL                    URL                    Example value
Browser                Browser                Example value
Title                  Title                  Example value
VisitDuration          Visit Duration         Example value
Referrer               Referrer               Example value
TypedCount             Typed Count            123
IsHidden               Is Hidden              true
TransitionType         Transition Type        Example value
VisitID                Visit ID               123
TransitionQualifiers   Transition Qualifiers  Example value
User                   User                   Example value
Profile                Profile                Example value
HistoryFilePath        History File Path      Example value

Collection Method

This collector parses the advanced configuration file containing key-value pairs of ESXi system settings, extracting configuration parameter names and their corresponding values as defined in the host's advanced options.

Forensic Value

Advanced configuration analysis reveals security policy changes, unauthorized parameter modifications, and potential indicators of compromise. Comparing settings against baselines helps detect malicious configuration changes, disabled security features, or altered logging that may hide attacker activities.
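As an added illustration of the collection method and the baseline comparison described above (example code, not part of this collector or its product), the following parses a key-value advanced-options listing and reports every setting that deviates from an expected hardened value. The "key = value" line format, the sample settings and the baseline values are all constructed assumptions; the real collector's file layout may differ.

```python
"""Parse ESXi advanced-option key-value lines and diff them against a baseline."""
from typing import Dict, List, Tuple

# Constructed sample: weakened shell timeouts, no remote syslog, MOB enabled.
# The "key = value" layout is an assumption, not the collector's real file format.
SAMPLE_CONFIG = """\
# ESXi advanced options (constructed sample)
Syslog.global.logHost =
UserVars.ESXiShellTimeOut = 0
UserVars.SuppressShellWarning = 1
VMkernel.Boot.execInstalledOnly = FALSE
Config.HostAgent.plugins.solo.enableMob = true
"""

# Constructed baseline of expected hardened values for the same options.
BASELINE: Dict[str, str] = {
    "Syslog.global.logHost": "udp://siem.example.invalid:514",
    "UserVars.ESXiShellTimeOut": "900",
    "UserVars.SuppressShellWarning": "0",
    "VMkernel.Boot.execInstalledOnly": "TRUE",
    "Config.HostAgent.plugins.solo.enableMob": "false",
}


def parse_advanced_config(text: str) -> Dict[str, str]:
    """Return {option_name: value}; blank lines and '#' comments are skipped."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # values may themselves contain '='
        settings[key.strip()] = value.strip()
    return settings


def diff_against_baseline(settings: Dict[str, str],
                          baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (option, expected, actual) for each deviation; missing keys count."""
    findings = []
    for key, expected in baseline.items():
        actual = settings.get(key, "<missing>")
        if actual.lower() != expected.lower():  # boolean case varies by tool
            findings.append((key, expected, actual))
    return findings


if __name__ == "__main__":
    for option, expected, actual in diff_against_baseline(
            parse_advanced_config(SAMPLE_CONFIG), BASELINE):
        print(f"{option}: expected {expected!r}, found {actual!r}")
```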
