Tag
high
advisory
ESXi Lockdown Mode Disabled
2 rules 1 TTPDetection of ESXi Lockdown Mode being disabled, potentially indicating attacker attempts to weaken host security controls for broader access, data exfiltration, or VM tampering.
ESXi
vmware
lockdown mode
defense evasion
t1562
2r
1t
high
advisory
ESXi Loghost Configuration Tampering
2 rules 1 TTPAttackers modify the ESXi host's syslog configuration to disrupt log forwarding, potentially evading detection and hindering incident response efforts after a compromise.
ESXi
vmware
syslog
defense-evasion
t1562
2r
1t