Let's Talk

WMI (Windows Management Instrumentation)

Description: Microsoft’s implementation of the Web-Based Enterprise Management (WBEM) and Common Information Model (CIM) standards. WMI provides an infrastructure for overseeing remote systems and delivering management data. While it’s a critical component of Windows operating systems, malicious actors can exploit it, posing a security risk.

You can collect WMI logs via Windows Event Log or ETW (Event Tracing for Windows). Before Windows Vista and Windows Server 2008, WMI also logged events to a file. NXLog Agent supports collecting WMI events using the Event Log for Windows and Event Tracing for Windows input modules.
Also known as: Windows WMI, Microsoft WMI, WMI server
See also: Windows Management Instrumentation (WMI)
Understanding and auditing WMI

A

Agent-based log collection

Agentless log collection

Agent management

Automatic enrollment

B

C

CEF (Common Event Format)

CSV (Comma-separated Values)

Customer portal

D

DNS (Domain Name System)

E

Endpoint security

EPS (Events Per Second)

ETW (Event Tracing for Windows)

Event correlation

F

G

GELF (Graylog Extended Log Format)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

Log centralization

Log normalization

M

Multi-line logs

N

O

P

PCI-DSS (Payment Card Industry Data Security Standard)

R

S

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

Structured logging

T

TCP (Transmission Control Protocol)

TLS (Transport Layer Security)

U

UDP (User Datagram Protocol)

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows event ID

WMI (Windows Management Instrumentation)

X