# Security Policy Domain

## Overview

**Evidence:** Security Policy Domain\
**Description:** ESXi Security Policy Domain\
**Category:** System\
**Platform:** esxi\
**Short Name:** secpoldomain\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Security policy domains define access control, authentication, and authorization rules for ESXi resources. These policies govern who can access what resources and with what privileges, making them critical for understanding security boundaries and detecting privilege escalation or unauthorized access.

## Data Collected

This collector gathers structured data about security policy domains.

### Security Policy Domain Data

| Field              | Description       | Example       |
| ------------------ | ----------------- | ------------- |
| `DomainName`       | Domain Name       | Example value |
| `EnforcementLevel` | Enforcement Level | Example value |

## Collection Method

This collector parses security policy domain configurations, extracting domain names, role assignments, permission sets, user and group mappings, and access control rules for each configured security domain.

## Forensic Value

Security policy analysis reveals unauthorized privilege escalations, identifies overly permissive access grants, detects policy violations, and exposes modifications that weaken security. Comparing policies against security baselines helps identify indicators of compromise and changes that enable unauthorized access.
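
One way to carry out the baseline comparison described above, as an added example that is not the collector's own code. It assumes the parsed records are available as CSV with the `DomainName` and `EnforcementLevel` columns from the table; the domain names, the level values and their strictness ranking are constructed assumptions.

```python
import csv
import io

# Assumed strictness ranking of EnforcementLevel values (not taken from the page);
# adjust it to the values that appear in your own collector output.
LEVEL_RANK = {"disabled": 0, "warning": 1, "enforcing": 2}

# Constructed sample data: a known-good baseline and a later collection.
BASELINE_CSV = """\
DomainName,EnforcementLevel
domA,enforcing
domB,enforcing
domC,warning
domD,enforcing
"""
COLLECTED_CSV = """\
DomainName,EnforcementLevel
domA,Enforcing
domB,disabled
domC,enforcing
domE,disabled
"""

def load_domains(csv_text):
    """Map DomainName -> lower-cased EnforcementLevel from CSV text."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["DomainName"].strip(): r["EnforcementLevel"].strip().lower() for r in rows}

def compare_to_baseline(baseline, collected):
    """Return (finding, domain, baseline_level, collected_level) tuples."""
    findings = []
    for name, want in baseline.items():
        got = collected.get(name)
        if got is None:
            findings.append(("missing", name, want, None))      # domain no longer present
        elif got == want:
            continue                                            # matches the baseline
        elif LEVEL_RANK.get(got, 99) < LEVEL_RANK.get(want, -1):
            findings.append(("weakened", name, want, got))      # enforcement lowered
        else:
            findings.append(("changed", name, want, got))       # raised or unrecognised level
    for name, got in collected.items():
        if name not in baseline:
            findings.append(("unexpected", name, None, got))    # domain absent from baseline
    return sorted(findings, key=lambda f: (f[0], f[1]))

if __name__ == "__main__":
    for finding in compare_to_baseline(load_domains(BASELINE_CSV), load_domains(COLLECTED_CSV)):
        print(finding)
```

`weakened` and `missing` findings are the ones to triage first; `changed` also covers level values the ranking does not recognise, so they are surfaced rather than silently ignored.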
