Detections
Analytics
Windows Management Instrumentation
Description
Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | SMB | Windows Services | |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | WMI | Local Users, Groups and Group membership | |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity |
References
Enumerate Local Group Memberships
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Execution
Technique: Windows Management Instrumentation
Products Required: Tenable Vulnerability Management