
Summary
The 'ESXi System Information Discovery' detection rule identifies the use of ESXCLI commands that request system-level configuration details on VMware ESXi hosts. Such commands are routinely used for legitimate administration, but they can also be leveraged by an adversary for reconnaissance. The rule searches syslog messages that reference 'esxcli' together with commands that typically retrieve system information, filtering out filesystem commands to reduce noise. The output identifies the user executing the commands and the targeted ESXi host, which supports monitoring for potential adversary activity. The detection is written in SPL (Search Processing Language) and requires the corresponding Splunk Technology Add-on for VMware ESXi Logs to be installed so that the log data is collected and parsed correctly.
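The logic described above (match 'esxcli' commands that query system-level information, drop filesystem commands as noise, and report the executing user and host) can be exercised outside Splunk against a handful of log lines. The following is an added Python example, not the rule's own SPL or any vendor code. The log format it parses (timestamp, host, `shell[pid]: [user]: command`) mirrors ESXi's shell.log as forwarded over syslog but is an assumption, the sample lines are constructed, and the set of esxcli namespaces treated as "system information" is an illustrative choice that would be tuned to the environment.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample syslog lines (not from the original page). The layout
# "timestamp host shell[pid]: [user]: command" is an assumed shell.log style.
SAMPLE_LOGS = [
    "2025-05-14T10:01:02Z esx01.example.internal shell[2001]: [root]: esxcli system version get",
    "2025-05-14T10:01:10Z esx01.example.internal shell[2001]: [root]: esxcli storage filesystem list",
    "2025-05-14T10:02:30Z esx02.example.internal shell[3114]: [svc-backup]: esxcli hardware platform get",
    "2025-05-14T10:03:00Z esx02.example.internal shell[3114]: [svc-backup]: esxcli network ip interface ipv4 get",
    "2025-05-14T10:04:45Z esx01.example.internal shell[2001]: [root]: esxcli software vib list",
    "2025-05-14T10:05:00Z esx03.example.internal vmkernel: cpu1:2097) ScsiDeviceIO: unrelated kernel message",
    "2025-05-14T10:06:12Z esx01.example.internal shell[2001]: [root]: ls /vmfs/volumes",
]

# Parser for the assumed line layout; captures the fields the rule reports on.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+shell\[\d+\]:\s+\[(?P<user>[^\]]+)\]:\s+(?P<cmd>.*)$"
)

# esxcli namespaces that return system-level configuration (assumed,
# illustrative list; extend or trim to match the monitored estate).
SYSTEM_INFO_NAMESPACES = {"system", "hardware", "network", "software"}

# Noise filter: any esxcli invocation touching the filesystem is dropped,
# mirroring the rule's exclusion of filesystem commands.
EXCLUDE_TOKENS = {"filesystem"}


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the parsed fields of a shell log line, or None for other log types."""
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def is_system_info_query(cmd: str) -> bool:
    """True when cmd is an esxcli call into a system-information namespace."""
    tokens = cmd.split()
    if len(tokens) < 2 or tokens[0] != "esxcli":
        return False
    if any(tok in EXCLUDE_TOKENS for tok in tokens):
        return False
    return tokens[1] in SYSTEM_INFO_NAMESPACES


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Apply the detection to raw log lines; each hit carries user, host, command, time."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a shell command record (e.g. vmkernel noise)
        if is_system_info_query(rec["cmd"]):
            hits.append({"user": rec["user"], "host": rec["host"],
                         "command": rec["cmd"], "time": rec["ts"]})
    return hits


def summarize(hits: List[Dict[str, str]]) -> Dict[Tuple[str, str], int]:
    """Count hits per (user, host), the equivalent of a `stats count by user, host`."""
    counts: Dict[Tuple[str, str], int] = {}
    for hit in hits:
        key = (hit["user"], hit["host"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOGS):
        print(f"{hit['time']} {hit['user']}@{hit['host']}: {hit['command']}")
    for (user, host), n in summarize(detect(SAMPLE_LOGS)).items():
        print(f"{user}@{host}: {n} system-information queries")
```

Of the seven constructed lines, four are reported: the `storage filesystem list` call is removed by the noise filter, the vmkernel line never matches the shell-log layout, and the plain `ls` is not an esxcli command. The per-(user, host) summary is the shape an analyst would pivot on when deciding whether a burst of queries from one account is routine administration or reconnaissance.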
Categories
- Infrastructure
- Cloud
- On-Premise
Data Sources
- Volume
- Application Log
- Sensor Health
ATT&CK Techniques
- T1082
Created: 2025-05-14