Security Policy Domain

Overview

Evidence: Security Policy Domain
Description: ESXi Security Policy Domain
Category: System
Platform: esxi
Short Name: secpoldomain
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Security policy domains define access control, authentication, and authorization rules for ESXi resources. These policies govern who can access what resources and with what privileges, making them critical for understanding security boundaries and detecting privilege escalation or unauthorized access.

Data Collected

This collector gathers structured data about security policy domains.

Security Policy Domain Data

| Field | Description | Example |
| --- | --- | --- |
| DomainName | Domain Name | Example value |
| EnforcementLevel | Enforcement Level | Example value |

Collection Method

This collector parses security policy domain configurations, extracting domain names, role assignments, permission sets, user and group mappings, and access control rules for each configured security domain.

Forensic Value

Security policy analysis reveals unauthorized privilege escalations, identifies overly permissive access grants, detects policy violations, and exposes security-weakening modifications. Comparing policies against security baselines helps identify indicators of compromise and changes that enable unauthorized access.
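
The baseline comparison described above, as an added example (not part of the collector or the product's own code). It assumes the collected records are exported as CSV with the DomainName and EnforcementLevel columns and that `enforcing` is the strict level; the domain names and values below are constructed sample data.

```python
import csv
import io

# Constructed sample data. Column names follow the field table above;
# the domain names and level values are assumptions for illustration.
BASELINE_CSV = """DomainName,EnforcementLevel
appDom,enforcing
globalVMDom,enforcing
hostdDom,enforcing
"""
COLLECTED_CSV = """DomainName,EnforcementLevel
appDom,Enforcing
globalVMDom,disabled
tmpDom,disabled
"""

STRICT_LEVEL = "enforcing"  # assumption: the level that means the policy is applied


def load(text):
    """Return {DomainName: EnforcementLevel}, with levels normalised to lower case."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["DomainName"].strip(): r["EnforcementLevel"].strip().lower() for r in rows}


def diff_policy(baseline, collected):
    """Compare collected domains to the baseline and return sorted findings.

    Each finding is (kind, domain, baseline_level, collected_level), where kind is
    'weakened' (strict in the baseline, not strict now), 'changed', 'missing'
    or 'unexpected' (present on the host but not in the baseline).
    """
    findings = []
    for name in sorted(baseline.keys() | collected.keys()):
        want, got = baseline.get(name), collected.get(name)
        if want == got:
            continue
        if got is None:
            kind = "missing"
        elif want is None:
            kind = "unexpected"
        elif want == STRICT_LEVEL:
            kind = "weakened"
        else:
            kind = "changed"
        findings.append((kind, name, want, got))
    return findings


if __name__ == "__main__":
    for finding in diff_policy(load(BASELINE_CSV), load(COLLECTED_CSV)):
        print(*finding, sep="\t")
```
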
