WMIRunner probe

WMI Runner is a probe type that fetches data from Windows operating systems via the Windows Management Instrumentation (WMI) interface.

The probe handles multiple user-specified WMI Paths to be queried, using a basic form of native WMI query. Each field to be probed must be uniquely named (within the domain of the probe). The probe results returned to the sensor will provide the data found for each field queried, indexed by its name.

When creating a WMI probe, the probe type must be set to WMI Probe and the ECC Queue Topic must be set to WMIRunner.

For information on configuring probe parameters, see Set probe parameters.

The following parameters may be passed to the WMI Probe:

Table 1. WMIRunner probe parameters
Parameter Default value Description
source required Host to connect to.
part none Port to connect to.
debug false Enables debug logging.
wmi_timeout 300 (seconds) Timeout for the actual WMI probe, in seconds. Use this parameter to change the timeout interval for individual Windows probes. This value overrides the value in the windows_probe_timeout MID Server parameter, which sets a timeout for all probes launched by a specific MID Server. Windows - Installed Software probe is configured with a timeout value of 15 minutes.
process_timeout (wmi_timeout + 10 seconds) Timeout for the process running the script, in seconds. This parameter is for internal use only and is not supported.
Note: The default timeout for WMI/Powershell is 5 minutes, except for the Windows Installed Software probe, which has a default timeout value of 15 minutes. Adding wmi_timeout to a probe parameter can change the default timeout of a Windows probe.