Kaspersky Unified Monitoring and Analysis Platform
Connector, wmi type

Connectors of the wmi type are used for getting data using Windows Management Instrumentation when working with Windows agents. Settings for a connector of the wmi type are described in the following tables.

Basic settings tab

Setting

Description

Name

Unique name of the resource. The maximum length of the name is 128 Unicode characters.

Required setting.

Tenant

The name of the tenant that owns the resource.

Required setting.

Type

Connector type: wmi.

Required setting.

Description

Description of the resource. The maximum length of the description is 4000 Unicode characters.

URL

URL of the collector that you created to receive data using Windows Management Instrumentation, for example, kuma-collector.example.com:7221.

When a collector is created, an agent is automatically created that gets data from the remote device and forwards it to the collector service. If you know which server the collector service will be installed on, the URL is known in advance. You can also enter the URL of the collector in the URL field after completing the installation wizard. To do so, first copy the URL of the collector from the Resources → Active services section.

Required setting.

Default credentials

No value. You need to specify credentials for connecting to hosts in the Remote hosts table.

Remote hosts

Settings of remote Windows devices to connect to.

  • Server is the IP address or name of the device from which you want to receive data, for example, machine-1.

    Required setting.

  • Domain is the name of the domain in which the remote device resides. For example, example.com.

    Required setting.

  • Log type is the list of names of the Windows logs that you want to get. By default, this drop-down list includes only preconfigured logs, but you can add custom logs to the list. To do so, enter the names of the custom logs in the Windows logs field, then press ENTER. KUMA service and resource configurations may require additional changes in order to process custom logs correctly.

    Logs that are available by default:

    • Application
    • ForwardedEvents
    • Security
    • System
    • HardwareEvents

    If a WMI connection uses at least one log with an incorrect name, the agent that uses the connector does not receive events from all the logs within this connection, even if the names of other logs are specified correctly. The WMI agent connections for which all log names are specified correctly will work properly.

  • Secret is the account credentials for accessing the remote Windows asset with permissions to read logs. If you do not select an option in this drop-down list, the credentials from the secret selected in the Default credentials drop-down list are used. The login in the secret must be specified without the domain. The domain value for access to the host is taken from the Domain column of the Remote hosts table.

    You can select an existing secret or create a new secret. To create a new secret, select Create new.

    If you want to edit the settings of an existing secret, click the pencil icon next to it.

You can add multiple remote Windows devices or remove a remote Windows device. To add a remote Windows device, click + Add. To remove a remote Windows device, select the check box next to it and click Delete.

Advanced settings tab

Setting

Description

Debug

The switch enables resource logging. The toggle switch is turned off by default.

Character encoding

Character encoding. The default is UTF-8.

TLS mode

TLS encryption mode. When using TLS encryption, you cannot specify an IP address in the URL field on the Basic settings tab. Available values:

  • Disabled means TLS encryption is not used. This value is selected by default.
  • Enabled means TLS encryption is used, but certificates are not verified.
  • With verification means TLS encryption is used with verification of the certificate signed with the KUMA root certificate. The root certificate and key of KUMA are created automatically during application installation and are stored on the KUMA Core server in the /opt/kaspersky/kuma/core/certificates/ directory.

Compression

Drop-down list for configuring Snappy compression:

  • Disabled. This value is selected by default.
  • Use Snappy.

If you edit a connector of this type, the TLS mode and Compression settings are visible and available on the connector resource as well as the collector. If you are using a connector of this type on a collector, the values of TLS mode and Compression settings are sent to the destination of automatically created agents.

Receiving events from a remote device

Conditions for receiving events from a remote Windows device hosting a KUMA agent:

  • To start the KUMA agent on the remote device, you must use an account with the “Log on as a service” permission.
  • To receive events from the KUMA agent, you must use an account with Event Log Readers permissions. For domain servers, one such user account can be created so that a group policy can be used to distribute its rights to read logs to all servers and workstations in the domain.
  • TCP ports 135, 445, and 49152–65535 must be opened on the remote Windows devices.
  • You must run the following services on the remote machines:
    • Remote Procedure Call (RPC)
    • RPC Endpoint Mapper
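The following pre-flight script is an added example, not part of the KUMA documentation or product: run on the remote Windows device, it checks the conditions listed above together with the log-name caveat from the Remote hosts setting (one wrong log name disables the whole connection). The account name, the log list and the temporary file name are assumptions.

```powershell
# Pre-flight check for a remote Windows device before it is added to the
# Remote hosts table. Run in an elevated PowerShell session on that device.
# The account name and log list below are constructed example values.
param(
    [string]   $AgentAccount = 'EXAMPLE\kuma-reader',   # assumed DOMAIN\login
    [string[]] $LogNames     = @('Application', 'Security', 'System', 'HardwareEvents')
)
$results = [ordered]@{}

# 1. Every configured log name must exist on the host: one bad name stops the
#    agent from receiving events from ALL logs of this connection.
$known   = (Get-WinEvent -ListLog * -ErrorAction SilentlyContinue).LogName
$missing = @($LogNames | Where-Object { $known -notcontains $_ })
$results['Log names valid'] = ($missing.Count -eq 0)
if ($missing.Count) { Write-Warning "Unknown Windows logs: $($missing -join ', ')" }

# 2. The reading account must be a member of the local Event Log Readers group.
$readers = Get-LocalGroupMember -Group 'Event Log Readers' -ErrorAction SilentlyContinue
$results['Event Log Readers member'] = [bool]($readers | Where-Object { $_.Name -eq $AgentAccount })

# 3. The account needs the "Log on as a service" right (SeServiceLogonRight),
#    which secedit exports as a list of SIDs.
try {
    $sid = (New-Object System.Security.Principal.NTAccount($AgentAccount)).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'   # assumed temporary file name
    secedit /export /cfg $cfg /quiet | Out-Null
    $line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight' | Select-Object -First 1
    $results['Log on as a service'] = ($null -ne $line -and $line.Line -match [regex]::Escape($sid))
    Remove-Item $cfg -ErrorAction SilentlyContinue
} catch {
    $results['Log on as a service'] = $false   # account could not be resolved to a SID
}

# 4. Remote Procedure Call (RPC) and the RPC Endpoint Mapper must be running.
foreach ($svc in 'RpcSs', 'RpcEptMapper') {
    $results["Service $svc running"] = ((Get-Service -Name $svc -ErrorAction SilentlyContinue).Status -eq 'Running')
}

# 5. TCP 135, 445 and the dynamic RPC range are what the built-in
#    "Remote Event Log Management" firewall rule group opens; every rule in it must be enabled.
$rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -ErrorAction SilentlyContinue)
$results['Firewall rules enabled'] = ($rules.Count -gt 0 -and -not ($rules | Where-Object { $_.Enabled -ne 'True' }))

# Any False row must be fixed before the WMI connector can receive events from this host.
$results.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, $_.Value }
```

The firewall check covers the host-side rules only; any firewall between the device and the collector still has to allow the same ports.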