Detections
Analytics
Windows Management Instrumentation
Description
Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | WMI | Local Users, Groups and Group membership | Plugin ID: 71246 |
| Tenable Vulnerability Management | Advanced Network Scan | Windows machines | Authenticated Scan | OS Command | Computer Connectivity | Plugin ID: 64582 |
| Tenable Vulnerability Management | AD Starter Scan or Identity Scan | Active Directory | Standard AD User | LDAP | Domain Users and Groups |
References
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Execution
Technique: Windows Management Instrumentation
Sub-Technique: Windows Management Instrumentation
Platform: Windows
Products Required: Tenable Vulnerability Management
Tenable Release Date: 2022 Q3