WMI

The infrastructure for management data and operations that enables local and remote management of Windows personal computers and servers[1][2]

ID: DS0005
Platform: Windows
Collection Layer: Host
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

WMI: WMI Creation

Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (e.g., Sysmon Event IDs 19-21)

Domain      ID         Name
Enterprise  T1546.003  Event Triggered Execution: Windows Management Instrumentation Event Subscription

References