Tag
The detection identifies potentially compromised root accounts on ESXi hosts by monitoring the number of unique IP addresses logging in as root within a short time window, indicating credential misuse or lateral movement.