Windows Management Instrumentation (WMI) is an industry-standard technology for accessing management information in an enterprise environment. It provides users with information about the status of local and remote Windows computer systems.
In Lumeta Enterprise Edition 3.3.4, WMI augments Lumeta discovery, profiling, and reporting with values retrieved from WMI-enabled devices. Some WMI features are in development; these are called out in the descriptions ahead.
Relatedly, Lumeta recommends that your Active Directory credentials be read-only, unique, and non-expiring.
The return values from WMI-enabled devices enhance the following aspects of Lumeta:
Device attributes discovered through WMI Discovery will augment that device's profile. Also, notifications pertaining to the profiling of WMI-responsive Windows devices are expected to be made available at about the same time.
Some basics on WMI Discovery in Lumeta Enterprise Edition:
In configuring WMI Discovery, following are some recommendations and things to keep in mind:
On the Lumeta main menu, in Dashboards, there are two WMI dashboards available: WMI Summary and WMI Troubleshooting.
Following is a summary of the widgets on these dashboards:
WMI Summary
WMI Summary Dashboard Widgets | Type | Description |
---|---|---|
WMI Responders by OS | Summary chart | Count of WMI Operating Systems across all zones |
WMI Responders | Detail table | Devices across all zones that responded to WMI Discovery |
Non-Responding WMI Device Summary | Summary chart | Count of device-types across all zones that were unresponsive to WMI Discovery |
Non-Responding WMI Devices | Detail table | Devices across all zones that were unresponsive to WMI Discovery |
WMI Devices without Security Services Summary | Summary chart | Count of WMI-responsive device-types across all zones that did not report any WMI services |
WMI Devices without Security Services | Detail table | WMI-responsive device-types across all zones that did not report any WMI services |
WMI Troubleshooting
WMI Troubleshooting Dashboard Widgets | Type | Description |
---|---|---|
Windows Devices with WMI Port Closed Summary | Summary chart | Count of device-types across all zones that were profiled as Windows, yet did not have port 135 open |
Windows Devices with WMI Port Closed | Detail table | Devices across all zones that were profiled as Windows, yet did not have port 135 open |
WMI Devices with No WMI Services Summary | Summary chart | Count of device-types across all zones that were WMI-service responsive, yet did not report any WMI security services |
WMI Devices with No WMI Services | Detail table | Devices across all zones that were WMI-service responsive, yet did not report any WMI security services |
You can click a pie slice to filter the adjacent table to show only records associated with that attribute; in this case, the table would filter to a particular Windows operating system. You can also click a link in the table to drill down to Device Details for that device. These dashboard widgets show devices across all zones that responded to WMI Discovery.
These dashboard widgets show devices across all zones that were unresponsive to WMI Discovery. This means that port 135 was open, yet there was no response to WMI discovery.
These dashboard widgets show WMI-responsive device-types across all zones that did not report any WMI services.
These dashboard widgets show devices across all zones that were profiled as Windows, yet did not have port 135 open.
These dashboard widgets show devices across all zones that were WMI-service responsive, yet did not report any WMI services. This could be an indication that your credentials do not have the proper permissions.
You can input the IP address of any WMI-responsive device in a selected zone (or click a link in a WMI dashboard widget) to display a comprehensive list of all services running on the box (e.g., Windows Defender and Tanium status information).
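The dashboard states described above can be reproduced against a single host from an administrative workstation, which helps separate a network problem from a credential-permission problem. The script below is an added example, not Lumeta code: it assumes WMI is reached over DCOM (as the port 135 checks suggest), and the function name `Get-WmiDiscoveryState`, the state labels, and the display-name patterns are illustrative.

```powershell
# Added example: classify one host into the states the WMI dashboards report.
# Assumptions: DCOM transport and the display-name patterns below are illustrative.
param(
    [Parameter(Mandatory)] [string] $ComputerName,        # host to check
    [Parameter(Mandatory)] [pscredential] $Credential,    # the read-only discovery account
    [string[]] $SecurityServicePatterns = @('*Defender*', '*Tanium*')   # assumed patterns
)

function Get-WmiDiscoveryState {
    param([string] $ComputerName, [pscredential] $Credential, [string[]] $Patterns)

    # State 1, "WMI Port Closed": the RPC endpoint mapper (TCP 135) is unreachable.
    $port = Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue
    if (-not $port.TcpTestSucceeded) {
        return [pscustomobject]@{ Host = $ComputerName; State = 'PortClosed'; Detail = 'TCP 135 not reachable' }
    }

    $session = $null
    try {
        # State 2, "Non-Responding": port 135 is open but the WMI query itself fails.
        $option  = New-CimSessionOption -Protocol Dcom
        $session = New-CimSession -ComputerName $ComputerName -Credential $Credential -SessionOption $option -ErrorAction Stop
        $os      = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
    }
    catch {
        if ($session) { Remove-CimSession -CimSession $session }
        return [pscustomobject]@{ Host = $ComputerName; State = 'NonResponding'; Detail = $_.Exception.Message }
    }

    try {
        # State 3, "No WMI Services": WMI answers, but Win32_Service is empty or denied,
        # which points at the permissions of the discovery credential.
        $services = @(Get-CimInstance -CimSession $session -ClassName Win32_Service -ErrorAction Stop)
        if ($services.Count -eq 0) { throw 'Win32_Service returned no instances' }
    }
    catch {
        return [pscustomobject]@{ Host = $ComputerName; State = 'NoServices'; Detail = "$($os.Caption): $($_.Exception.Message)" }
    }
    finally { Remove-CimSession -CimSession $session }

    # Responder: list the services that matched the patterns, with their run state.
    $matched = $services | Where-Object { $svc = $_; $Patterns | Where-Object { $svc.DisplayName -like $_ } }
    $detail  = ($matched | ForEach-Object { "$($_.DisplayName)=$($_.State)" }) -join '; '
    if (-not $detail) { $detail = 'no matching security services' }
    [pscustomobject]@{ Host = $ComputerName; State = 'Responder'; OS = $os.Caption; Detail = $detail }
}

Get-WmiDiscoveryState -ComputerName $ComputerName -Credential $Credential -Patterns $SecurityServicePatterns
```

Run it with the same account configured for WMI Discovery; a `NoServices` result with an access-denied message indicates the account can connect but lacks rights to enumerate services.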
On the Lumeta GUI, browse to Search > Device Details.
Input an IP address and zone name.
Click Search and the WMI Services tab.
All services running on the box display. You can see the total number of records that were returned below the table.
You can use the control at the bottom of the results table to page through the results or use the Search bar to filter out all the records that don't match your criteria.
A description of each of the table columns follows:
See https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-service for information from Microsoft on their Win32_Service class.
Use the Attributes tab to check security compliance. You could check, for example, to ensure that all Windows systems are Windows 10 or later.
This new discovery type in Settings > Zones uses credentials that you supply, either entered manually or imported. You can supply WMI credentials.
A description of each WMI query is available in the lower right-hand corner of the Properties panel, under Comment.