WmiPersistenceInfo
WMI persistence event occurs when a WMI event is subscribed and triggered.
Property |
Type |
Description |
|---|---|---|
EventFilterName |
String |
Name of the used EventFilter |
EventConsumerName |
String |
A name of a consumer which triggers an action when a specific event arrives |
Handler |
String |
Command line executed by an event consumer |
Query |
String |
A query in an event filter that captures events that should execute an action |
TriggeringUserName |
String |
A name of a user who triggered an event matched by a filter |
TriggeringUserSid |
String |
Triggering the user's security ID |
TriggeringUserSidNameUse |
Int |
Triggering the user's SID type |
Example:
<rule> <definition> <operations> <operation type="WmiPersistence" > <condition component="WmiPersistenceInfo" property="TriggeringUserName" condition="is" value="domain\user.name"/> </operation> </operations> </definition> <description> <name>WMI Persistence event triggered by user.name</name> <category>Default</category> </description> </rule> |
Supported Operations and their components:
|
WmiPersistenceInfo |
|---|---|
WmiPersistence |
X |