Processes

Overview

Evidence: Processes
Description: Collect Processes
Category: System
Platform: esxi
Short Name: process
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

On ESXi, process snapshots capture running services and daemons that manage hypervisor operations and virtual machines. This visibility is key for detecting unauthorized services and runtime anomalies.

Data Collected

This collector gathers structured data about processes.

Processes Data

Field           Description      Example
WID             WID              123
CID             CID              123
Name            Name             Example value
GID             GID              123
PGID            PGID             123
SID             SID              123
PCID            PCID             123
Type            Type             Example value
State           State            Example value
Wait            Wait             Example value
CPU             CPU              Example value
Time            Time             Example value
SecurityDomain  Security Domain  Example value
UserSpace       User Space       Example value
Command         Command          Example value

Collection Method

This collector parses a pre-generated detailed process snapshot text file, tokenizes columns, and normalizes per-process attributes including identifiers, state, CPU/time fields, and command line.
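The tokenization described above, written here as an added example rather than the collector's own code. It assumes a snapshot whose columns appear in the order of the Processes Data table (the sample rows are constructed, not captured from a host), splits each row into the fourteen fixed columns plus a trailing Command that may itself contain spaces, and folds worlds into their cartels so a multi-threaded process appears once.

```python
import re
from typing import Dict, List, Optional

# Column order from the Processes Data table above. Command is last because
# it is the only field that may itself contain whitespace.
COLUMNS = ["WID", "CID", "Name", "GID", "PGID", "SID", "PCID", "Type", "State",
           "Wait", "CPU", "Time", "SecurityDomain", "UserSpace", "Command"]
INT_FIELDS = {"WID", "CID", "GID", "PGID", "SID", "PCID", "CPU"}

# Constructed sample snapshot in that layout (not captured from a real host).
SAMPLE_SNAPSHOT = """\
WID   CID   Name          GID   PGID  SID   PCID  Type    State  Wait  CPU  Time       SecurityDomain  UserSpace  Command
1     1     idle0         1     1     1     0     Kernel  RUN    -     0    0.000000   -               -
2098  2098  init          2098  2098  2098  1     User    WAIT   UFUT  1    0.123456   appDom          init       /bin/init
2150  2150  hostd-worker  2150  2150  2150  2098  User    WAIT   UFUT  3    12.345678  hostdDom        hostd      /bin/hostd -u
2151  2150  hostd-worker  2150  2150  2150  2098  User    WAIT   UFUT  2    0.500000   hostdDom        hostd      /bin/hostd -u
"""

def _to_int(value: str) -> Optional[int]:
    """Identifiers are integers; kernel worlds may show '-' for some of them."""
    return int(value) if value.isdigit() else None

def parse_line(line: str) -> Dict[str, object]:
    """Tokenize one row: 14 fixed columns, then the rest of the line as Command."""
    tokens = re.split(r"\s+", line.strip(), maxsplit=len(COLUMNS) - 1)
    if len(tokens) < len(COLUMNS) - 1:
        raise ValueError(f"malformed snapshot row: {line!r}")
    tokens += [""] * (len(COLUMNS) - len(tokens))  # kernel worlds have no command
    record: Dict[str, object] = dict(zip(COLUMNS, tokens))
    for field in INT_FIELDS:
        record[field] = _to_int(record[field])
    record["Time"] = float(record["Time"]) if record["Time"] != "-" else None
    return record

def parse_snapshot(text: str) -> List[Dict[str, object]]:
    """Parse a whole snapshot, skipping blank lines and the header row."""
    rows = [ln for ln in text.splitlines() if ln.strip()]
    return [parse_line(ln) for ln in rows if ln.split()[0].isdigit()]

def group_cartels(records: List[Dict[str, object]]) -> Dict[int, Dict[str, object]]:
    """Fold worlds (WID) into their cartel (CID) so one process appears once,
    keeping its parent cartel (PCID) for later process-tree reconstruction."""
    cartels: Dict[int, Dict[str, object]] = {}
    for rec in records:
        entry = cartels.setdefault(rec["CID"], {
            "name": rec["Name"], "command": rec["Command"], "pcid": rec["PCID"],
            "domain": rec["SecurityDomain"], "wids": []})
        entry["wids"].append(rec["WID"])
    return cartels
```

Splitting with a bounded maxsplit is what keeps arguments such as "-u" attached to the Command column instead of being read as extra fields.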

Forensic Value

Process listings reveal active components, potential malicious or misconfigured services, and support timeline correlation with host events and VM operations.
