vCenter Server has had the ability to audit vSphere logins, whether through the API or UI, for nearly two decades using vSphere Events, which provide detailed information on who connected, when the login occurred and the client IP address associated with the session.
While looking up something in the latest vSphere 9.1 Automation REST API, I came across a new Connection Utilization API that provides visibility into all HTTP and HTTPS connections established with vCenter Server.
While most organizations deploy vCenter Server on a dedicated management network as a best practice, it does not eliminate the possibility of unexpected or unauthorized connections. Having additional visibility into those connections and the ability to audit them can help organizations quickly identify and investigate suspicious activity.