# Advanced Settings ## Overview **Evidence:** Advanced Settings\ **Description:** ESXi Advanced Settings\ **Category:** System\ **Platform:** esxi\ **Short Name:** advsettings\ **Is Parsed:** Yes\ **Sent to Investigation Hub:** Yes\ **Collect File(s):** No ## Background ESXi advanced settings provide granular control over hypervisor behavior, including security policies, resource allocation, logging verbosity, and feature toggles. These settings can be weaponized by attackers to weaken security, disable logging, or modify system behavior for persistence. ## Data Collected This collector gathers structured data about advanced settings. ### Advanced Settings Data | Field | Description | Example | | ---------------------- | --------------------- | ------------------------- | | `AccessTime` | Access Time | 2023-10-15 14:30:25+03:00 | | `AccessCount` | Access Count | 123 | | `URL` | URL | Example value | | `Browser` | Browser | Example value | | `Title` | Title | Example value | | `VisitDuration` | Visit Duration | Example value | | `Referrer` | Referrer | Example value | | `TypedCount` | Typed Count | 123 | | `IsHidden` | Is Hidden | true | | `TransitionType` | Transition Type | Example value | | `VisitID` | Visit ID | 123 | | `TransitionQualifiers` | Transition Qualifiers | Example value | | `User` | User | Example value | | `Profile` | Profile | Example value | | `HistoryFilePath` | History File Path | Example value | ## Collection Method This collector parses advanced system settings, extracting configuration keys, current values, default values, and setting descriptions from the ESXi advanced options database. ## Forensic Value Advanced settings analysis reveals security weakening modifications, identifies disabled security features, detects altered logging configurations that hide attacker activity, and exposes non-standard settings that may indicate compromise. Comparing against security baselines highlights suspicious deviations.