ESXi Syslog Configuration Change Via ESXCLI

Rule Info

Name
ESXi Syslog Configuration Change Via ESXCLI
Author
Cedric Maurugeon
Description
Detects changes to the ESXi syslog configuration via "esxcli"
Reference
https://support.solarwinds.com/SuccessCenter/s/article/Configure-ESXi-Syslog-to-LEM?language=en_US
Date
2023-09-04 00:00:00
Modified
None
Id
38eb1dbb-011f-40b1-a126-cf03a0210563
Tags
attack.defense_evasion attack.t1562.001 attack.t1562.003 DEMO
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=38eb1dbb-011f-40b1-a126-cf03a0210563

Rule History

Author
Title
Date
Commit
github-actions[bot]
Merge PR #4891 from @nasbench - Promote older rules status from `experimental` to `test`
2024-07-01
47085e948
kidrek
Merge PR #4425 from @kidrek - ESXi Syslog Configuration Change Via ESXCLI
2023-09-07
e738fff0a
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022