WMI-IDS is a proof-of-concept agent-less host intrusion detection system designed to showcase the unique ability of WMI to react to operating system events in real time.
WMI-IDS is a PowerShell module that serves as an installer of WMI events on a local or remote system. The presence of PowerShell is not a requirement on the target system.
Import-Module <path to WMI_IDS.psm1>
Imports the WMI_IDS PowerShell module and makes its functions publicly accessible.
Get-Command -Module WMI_IDS
Lists the functions exposed in the WMI_IDS module.
Prints the detailed help for any of the WMI_IDS module functions.
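The event mechanism described at the top of this page, as an added example that is not WMI-IDS code and does not use the module's functions: a session-bound WMI event subscription that reports newly created filter-to-consumer bindings in root/subscription. The source identifier is an assumed name, and the script assumes an elevated PowerShell 3.0+ session on Windows.

```powershell
# Added example: a temporary WMI event subscription registered from PowerShell.
# It lives only as long as this PowerShell session and is not WMI_IDS code.

# WQL event query: poll every 5 seconds for new __FilterToConsumerBinding
# instances, the object that links an event filter to an event consumer.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 5 " +
         "WHERE TargetInstance ISA '__FilterToConsumerBinding'"

# Assumed name used to find and remove this subscription later.
$sourceId = 'Example.WmiBindingWatch'

# Remove a leftover subscription from an earlier run in the same session.
Get-EventSubscriber -SourceIdentifier $sourceId -ErrorAction SilentlyContinue |
    Unregister-Event

# Runs each time WMI delivers a matching event.
$action = {
    # TargetInstance is the binding that was just created; its Filter and
    # Consumer properties are references to the linked objects.
    $binding = $Event.SourceEventArgs.NewEvent.TargetInstance
    $line = '{0:o} new WMI binding: {1} -> {2}' -f `
        $Event.TimeGenerated, $binding.Filter, $binding.Consumer
    Write-Host $line
}

# Bindings are stored in root/subscription, so the query is registered there.
Register-CimIndicationEvent -Namespace 'root/subscription' `
                            -Query $query `
                            -SourceIdentifier $sourceId `
                            -Action $action | Out-Null

# Stop watching:
#   Unregister-Event -SourceIdentifier 'Example.WmiBindingWatch'
```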