Kernel Info
Overview
Evidence: Kernel Info
Description: ESXi Kernel Info
Category: System
Platform: esxi
Short Name: kerninfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
ESXi kernel (VMkernel) information provides details about the hypervisor's core operating system layer, including version, build numbers, and loaded modules. Kernel information is essential for identifying vulnerable versions, detecting unauthorized kernel modifications, and validating patch levels.
Data Collected
This collector gathers structured data about kernel info.
Kernel Info Data
| Field | Description | Example |
|---|---|---|
| AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
| AccessCount | Access Count | 123 |
| URL | URL | Example value |
| Browser | Browser | Example value |
| Title | Title | Example value |
| VisitDuration | Visit Duration | Example value |
| Referrer | Referrer | Example value |
| TypedCount | Typed Count | 123 |
| IsHidden | Is Hidden | true |
| TransitionType | Transition Type | Example value |
| VisitID | Visit ID | 123 |
| TransitionQualifiers | Transition Qualifiers | Example value |
| User | User | Example value |
| Profile | Profile | Example value |
| HistoryFilePath | History File Path | Example value |
Collection Method
This collector parses kernel information files, extracting VMkernel version strings, build identifiers, release information, and compilation timestamps from ESXi kernel metadata sources.
Forensic Value
Kernel version data helps identify known vulnerabilities, validate patch compliance, and detect version inconsistencies that may indicate rootkit installation or system tampering. Build information also assists in timeline reconstruction and verifying legitimate system updates versus malicious modifications.
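The version-inconsistency check described above, as an added example that is not part of the original page or the collector's own code. It assumes the two inputs follow the output formats of `vmware -v` and `uname -a` on an ESXi host; the sample strings, host name, build number and approved-build baseline are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the page). Formats are assumed to match
# what `vmware -v` and `uname -a` print on an ESXi host.
VMWARE_V = "VMware ESXi 7.0.3 build-12345678"
UNAME_A = ("VMkernel esx01.example.test 7.0.3 #1 SMP Release build-12345678 "
           "Jan 01 2024 00:00:00 x86_64 x86_64 x86_64 ESXi")

VMWARE_RE = re.compile(r"VMware ESXi (?P<version>\d+(?:\.\d+)+) build-(?P<build>\d+)")
UNAME_RE = re.compile(
    r"^VMkernel \S+ (?P<version>\d+(?:\.\d+)+) .*?build-(?P<build>\d+) "
    r"(?P<compiled>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"
)

def parse(regex, text):
    """Return the named groups of the first match, or None if the text does not parse."""
    m = regex.search(text.strip())
    return m.groupdict() if m else None

def check_kernel_info(vmware_v, uname_a, approved_builds):
    """Compare two kernel-info sources with each other and with a baseline.

    Returns a list of finding strings; an empty list means the data is consistent.
    """
    findings = []
    product = parse(VMWARE_RE, vmware_v)
    kernel = parse(UNAME_RE, uname_a)
    if product is None:
        findings.append("unparseable product version string")
    if kernel is None:
        findings.append("unparseable kernel version string")
    if product and kernel:
        # The product banner and the running kernel should report the same release.
        for key in ("version", "build"):
            if product[key] != kernel[key]:
                findings.append(f"{key} mismatch: product={product[key]} kernel={kernel[key]}")
    # Any build outside the approved patch baseline needs review.
    for source, info in (("product", product), ("kernel", kernel)):
        if info and info["build"] not in approved_builds:
            findings.append(f"{source} build {info['build']} not in approved baseline")
    return findings

if __name__ == "__main__":
    print(check_kernel_info(VMWARE_V, UNAME_A, {"12345678"}))
```

A finding here is a lead for further review, since a mismatch can also come from a pending reboot after a legitimate update.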

