WBEM Info
Overview
Evidence: WBEM Info
Description: ESXi WBEM Info
Category: System
Platform: esxi
Short Name: wbeminfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Web-Based Enterprise Management (WBEM) services enable CIM (Common Information Model) based hardware monitoring and management on ESXi. The WBEM configuration controls remote hardware management access. It can be exploited if it is improperly secured, or if it is modified to enable unauthorized hardware monitoring.
Data Collected
This collector gathers structured data about WBEM info.
WBEM Info Data
| Field | Display Name | Example |
| --- | --- | --- |
| Enabled | Enabled | Example value |
| WSManagementService | WS Management Service | Example value |
| EnableHTTPS | Enable HTTPS | Example value |
| AuthorizationModel | Authorization Model | Example value |
| Port | Port | 123 |
| HTTPProcs | HTTP Procs | 123 |
| HTTPSProcs | HTTPS Procs | 123 |
| ProviderProcs | Provider Procs | 123 |
| KeepaliveTimeout | Keepalive Timeout | 123 |
| KeepaliveMaxRequests | Keepalive Max Requests | 123 |
| ProviderSampleInterval | Provider Sample Interval | 123 |
| ProviderTimeoutInterval | Provider Timeout Interval | 123 |
| HTTPMaxContentLength | HTTP Max Content Length | 123 |
| MaxMessageLength | Max Message Length | 123 |
| ThreadStackSize | Thread Stack Size | 123 |
| ProviderResourcePoolOverride | Provider Resource Pool Override | Example value |
| SSLCipherList | SSL Cipher List | Example value |
| ThreadpoolSize | Threadpool Size | 123 |
| Readonly | Readonly | Example value |
| LogLevel | Log Level | Example value |
| ServiceLocationProtocolPID | Service Location Protocol PID | 123 |
| WSManagementPID | WS Management PID | 123 |
| CIMObjectManagerPID | CIM Object Manager PID | 123 |
| EnabledSSLProtocols | Enabled SSL Protocols | Example value |
| EnabledSystemSSLProtocols | Enabled System SSL Protocols | Example value |
| EnabledRunningSSLProtocols | Enabled Running SSL Protocols | Example value |
Collection Method
This collector parses WBEM service configuration, extracting service status, port settings, authentication requirements, SSL/TLS configurations, and access control settings for the WBEM management interface.
Forensic Value
WBEM configuration analysis reveals remote management exposure, identifies weakened authentication settings, detects unauthorized service modifications, and exposes potential backdoor access through management interfaces. Unexpected WBEM access or configuration changes warrant investigation.
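One way to run the checks described under Forensic Value over a parsed record, as an added example that is not the product's own code: it takes one record keyed by the field names listed under WBEM Info Data, flags exposure, weak TLS and protocol drift, and diffs the record against a known-good baseline. The value formats, the reading of EnabledSSLProtocols as configured and EnabledRunningSSLProtocols as running, the weak-protocol tokens, and all sample values are assumptions.

```python
# Added example: triage one parsed WBEM Info record (field names from this page).
# Value formats ("true"/"false", comma-separated protocol tokens) are assumptions.
WEAK_PROTOCOLS = {"sslv3", "tlsv1", "tlsv1.0", "tlsv1.1"}
# PIDs change on every service restart, so they are excluded from the baseline diff.
VOLATILE = {"ServiceLocationProtocolPID", "WSManagementPID", "CIMObjectManagerPID"}


def _truthy(value):
    return str(value).strip().lower() in {"true", "yes", "1"}


def _protocols(value):
    return {p.strip().lower() for p in str(value or "").split(",") if p.strip()}


def triage_wbem(record, baseline=None):
    """Return a list of (check, detail) findings for one host's record."""
    findings = []
    if _truthy(record.get("Enabled")):
        findings.append(("exposure", f"WBEM enabled on port {record.get('Port')}"))
        if not _truthy(record.get("EnableHTTPS")):
            findings.append(("transport", "EnableHTTPS is off while the service is enabled"))
    configured = _protocols(record.get("EnabledSSLProtocols"))
    running = _protocols(record.get("EnabledRunningSSLProtocols"))
    for name, protos in (("configured", configured), ("running", running)):
        weak = sorted(protos & WEAK_PROTOCOLS)
        if weak:
            findings.append(("weak-tls", f"{name}: {', '.join(weak)}"))
    if configured != running:
        findings.append(("tls-drift", "configured and running protocol sets differ"))
    # Any non-volatile field that differs from the known-good record is a change to explain.
    for key, expected in (baseline or {}).items():
        if key not in VOLATILE and str(record.get(key)) != str(expected):
            findings.append(("changed", f"{key}: {expected!r} -> {record.get(key)!r}"))
    return findings


# Constructed sample data, not taken from a real host.
BASELINE = {"Enabled": "false", "AuthorizationModel": "password", "Port": 5989,
            "EnableHTTPS": "true", "CIMObjectManagerPID": 0}
SAMPLE = {"Enabled": "true", "AuthorizationModel": "password", "Port": 5989,
          "EnableHTTPS": "true", "EnabledSSLProtocols": "tlsv1.2",
          "EnabledRunningSSLProtocols": "tlsv1.1,tlsv1.2", "CIMObjectManagerPID": 2101}

if __name__ == "__main__":
    for check, detail in triage_wbem(SAMPLE, BASELINE):
        print(f"{check}: {detail}")
```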

