Vendor: VMware

April 15, 2026 · View on GitHub

Product: VMware ESXi

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
209	84	42	7	15

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	app-activity ↳vmware-esxi-str-app-activity-hostd-1 ↳vmware-esxi-str-app-activity-info ↳vmware-esxi-str-app-activity-vpxa ↳vmware-esxi-str-app-activity-vpxd ↳vmware-esxi-mix-app-activity-sub ↳vmware-esxi-str-app-activity-vsand ↳vmware-esxi-str-app-activity-vsansystem ↳vmware-esxi-str-app-activity-hostd ↳vmware-esxi-str-app-activity-success-storagermstatfile app-login ↳vmware-esxi-str-app-login-success-vmauthd ↳vmware-esxi-str-endpoint-login-success-loggedin ↳vmware-esxi-str-endpoint-login-success-loggedin-1 ↳vmware-esxi-str-app-login-loggedin authentication-successful ↳vmware-esxi-str-app-authentication-success-pushingto failed-app-login ↳vmware-esxi-str-app-login-fail-invalidcredentials remote-logon ↳vmware-esxi-str-endpoint-login-success-sshsessionopened web-activity-denied ↳vmware-esxi-str-http-session-fail-iofiltervpd	T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services	38 Rules 17 Models
Account Manipulation	app-activity ↳vmware-esxi-str-app-activity-hostd-1 ↳vmware-esxi-str-app-activity-info ↳vmware-esxi-str-app-activity-vpxa ↳vmware-esxi-str-app-activity-vpxd ↳vmware-esxi-mix-app-activity-sub ↳vmware-esxi-str-app-activity-vsand ↳vmware-esxi-str-app-activity-vsansystem ↳vmware-esxi-str-app-activity-hostd ↳vmware-esxi-str-app-activity-success-storagermstatfile	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Cryptomining	web-activity-denied ↳vmware-esxi-str-http-session-fail-iofiltervpd	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking	1 Rules
Data Exfiltration	web-activity-denied ↳vmware-esxi-str-http-session-fail-iofiltervpd	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms	6 Rules 2 Models
Phishing	web-activity-denied ↳vmware-esxi-str-http-session-fail-iofiltervpd	T1189 - Drive-by Compromise T1204 - User Execution T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598 - T1598 T1598.003 - T1598.003	3 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link External Remote Services Valid Accounts Drive-by Compromise Exploit Public Fasing Application Phishing	User Execution	External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts Exploitation for Privilege Escalation	Valid Accounts Use Alternate Authentication Material Use Alternate Authentication Material: Pass the Hash Use Alternate Authentication Material: Pass the Ticket Valid Accounts: Local Accounts	OS Credential Dumping Steal or Forge Kerberos Tickets Credentials from Password Stores Steal or Forge Kerberos Tickets: Kerberoasting	File and Directory Discovery Remote System Discovery	Remote Services Use Alternate Authentication Material Internal Spearphishing	Email Collection Email Collection: Email Forwarding Rule	Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking