Tag
medium
advisory
ESXi External Root Login Detection
2 rules 1 TTPThis detection identifies instances where the ESXi UI is accessed using the root account instead of a delegated administrative user, which bypasses role-based access controls and may indicate risky behavior or unauthorized activity.
ESXi +3
vmware
root_login
privilege_escalation
2r
1t
high
advisory
ESXi External Root Login Activity Detection
2 rules 1 TTPDetection of ESXi UI access using the root account from external IP addresses, bypassing role-based access controls and potentially indicating unauthorized activity or compromised credentials.
ESXi
vmware
root_login
unauthorized_access
t1078
2r
1t