# VIB Info

## Overview

**Evidence:** VIB Info\
**Description:** ESXi VIB Info\
**Category:** System\
**Platform:** esxi\
**Short Name:** vibinfo\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

vSphere Installation Bundles (VIBs) are software packages that extend ESXi functionality with drivers, agents, and system tools. VIB inventory tracks installed software, patch levels, and third-party additions, providing visibility into the software attack surface.

## Data Collected

This collector gathers structured data about vib info.

### VIB Info Data

| Field             | Description      | Example       |
| ----------------- | ---------------- | ------------- |
| `Name`            | Name             | Example value |
| `Version`         | Version          | Example value |
| `Vendor`          | Vendor           | Example value |
| `AcceptanceLevel` | Acceptance Level | Example value |
| `InstallDate`     | Install Date     | Example value |

## Collection Method

This collector parses VIB package information, extracting package names, versions, vendors, installation dates, acceptance levels, signatures, and package descriptions for each installed VIB on the ESXi host.

## Forensic Value

VIB analysis helps identify unauthorized software installations, detect malicious packages masquerading as legitimate tools, validate patch compliance, and trace software-based persistence mechanisms. Unsigned or community-level VIBs warrant additional scrutiny as potential compromise vectors.