ESXi VIB Acceptance Level Tampering

Splunk Security Content

Summary
This detection rule identifies tampering with the acceptance level of a vSphere Installation Bundle (VIB) on an ESXi host. Lowering the acceptance level, in particular to CommunitySupported, weakens the host's integrity checks and allows potentially harmful unsigned or unverified software to be installed. The rule uses syslog data from VMware ESXi systems and watches for the specific commands that change the acceptance level. Implementing it requires ESXi syslog output to be forwarded to a Splunk environment and the Splunk Technology Add-on for VMware ESXi Logs to be installed so that the events are ingested and parsed correctly. Administrators should be aware that the same command is used legitimately during third-party VIB installations, which can produce false positives and may require tuning of the detection criteria.
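As an added illustration of the detection logic described above (example code, not part of the Splunk rule itself), the following Python scans constructed ESXi shell.log-style syslog lines for acceptance-level changes and grades them, treating the PartnerSupported case the summary flags as a false-positive source as a tuning candidate. The log line layout and the `esxcli software acceptance set` command form are assumptions based on VMware's documented CLI, not taken from this page.

```python
import re

# VMware's acceptance levels, strictest first; later in this list = weaker signature checks.
ACCEPTANCE_LEVELS = ["VMwareCertified", "VMwareAccepted",
                     "PartnerSupported", "CommunitySupported"]

# Matches the documented CLI form "esxcli software acceptance set --level=<X>" and its
# "--level <X>" / "-l <X>" variants anywhere inside a syslog line (case-insensitive).
SET_LEVEL_RE = re.compile(
    r"esxcli\s+software\s+acceptance\s+set\s+(?:--level|-l)[=\s]+(?P<level>\w+)",
    re.IGNORECASE,
)

def parse_acceptance_change(line: str):
    """Return an event dict if the line records an acceptance-level change, else None."""
    m = SET_LEVEL_RE.search(line)
    if not m:
        return None
    raw = m.group("level")
    # Normalise case so "communitysupported" still maps to the known level name.
    level = next((l for l in ACCEPTANCE_LEVELS if l.lower() == raw.lower()), raw)
    return {"level": level, "line": line.strip()}

def classify(level: str) -> str:
    """Severity grading: weakest level is high; PartnerSupported is medium (tuning candidate)."""
    if level == "CommunitySupported":
        return "high"
    if level == "PartnerSupported" or level not in ACCEPTANCE_LEVELS:
        return "medium"   # unknown strings fail to apply on the host but still show intent
    return "low"

def detect(lines) -> list:
    """Run the rule over an iterable of syslog lines and return graded alerts."""
    alerts = []
    for line in lines:
        ev = parse_acceptance_change(line)
        if ev:
            ev["severity"] = classify(ev["level"])
            alerts.append(ev)
    return alerts

# Constructed sample lines in the style of ESXi shell.log forwarded via syslog (not real data).
SAMPLE_LOG = [
    "2025-05-15T09:00:00Z esx01 shell[2099001]: [root]: esxcli software acceptance get",
    "2025-05-15T09:00:12Z esx01 shell[2099001]: [root]: esxcli software acceptance set -l PartnerSupported",
    "2025-05-15T10:02:11Z esx01 shell[2099657]: [root]: esxcli software acceptance set --level=CommunitySupported",
    "2025-05-15T10:05:40Z esx01 shell[2099657]: [root]: esxcli software vib list",
]
```

Running `detect(SAMPLE_LOG)` yields two alerts: a medium one for the PartnerSupported change and a high one for CommunitySupported, while the `acceptance get` and `vib list` lines are ignored.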
Categories
  • Infrastructure
  • Endpoint
Data Sources
  • Volume
  • Process
  • Network Traffic
ATT&CK Techniques
  • T1562
Created: 2025-05-15