WISdom Prerequisites
  • 01 Oct 2024
  • 2 Minutes to read
  • Contributors
  • Dark
    Light
  • PDF

WISdom Prerequisites

  • Dark
    Light
  • PDF

Article summary

WISdom Prerequisites

The WISdom services require a machine with the following components and port access to support the data collection:

  • Windows Management Framework (WMF) 5.1
    • This is included in most Windows OS and Server installations
  • The OS version must be equivalent or higher the monitored machines
    • The OS must have the same or higher patching applied than the monitored machines to successfully collect the WMI metrics
  • .NET Desktop Runtime 8
  • Access to all the servers managed by WISdom on the following ports:
    • SQL Server Port (1433, or other defined SQL Ports)
    • SQL Browser if named instances are used – Port 1434
    • WMI Ports
      • 135
      • 49154 - In most cases this RDP port is available and will be used
        • Cases where 49154 is not available, a port range may be required
          • 49152-65535
    • Performance counters – Port 445
    • Outbound firewall rules must allow access
      • AWS S3 over HTTPS
      • Azure URL: https://collectorapi.fortifiedwisdom.com
  • To ensure optimal performance of the WISdom service, we recommend excluding the following folders from any antivirus scans. Scanning these folders can degrade the performance of the collection service, causing delays in data processing or gaps in collections:
    • %Installation Folder%\CollectorResults
    • %Installation Folder%\UploadReady
    • %Installation Folder%\ESUploadReady (If it exists)
Default Installation Location

C:\Program Files\Fortified Insight\Wisdom\

Monitoring Service Account

The WISdom Collection service is a Windows service that runs with a Windows domain account. The requirements for the service account are as follows:

  • It is a Windows domain account
  • Has Log on as Service permissions
  • Is a local Administrator on the server hosting the service

Monitoring Virtual/OnPrem Machines and SQL Instances

Windows Monitoring

The Monitoring Service Account may be used, or different Window account may be configured and utilized for the collection.

  • Local or Domain Account with:
  • Remote WMI access on the servers it will be used against
  • Remote DCOM access on the servers it will be used against

SQL Instance Monitoring

To collect data from a SQL Instance, the Monitoring Service Account, a different Windows account, or a SQL account may be used for collection. If a SQL Account is used and a Windows account does not have access to the Host, then the Host Server WMI data will not be collected. The permissions required by the account are:

  • For SQL versions prior to 2022, Sysadmin privileges
  • For SQL Server 2022 and above, must be a member of both the ##MS_ServerStateReader## and ##MS_DefinitionReader## roles

Monitoring Azure

The account that will connect to an Azure connection may be the Monitoring Service Account, a different Windows account, or a SQL account. For Managed Instances and Azure SQL Databases, Host metrics will be limited or not be accessible. The permissions required by the account are:

  • A member of the ##MS_ServerStateReader## role
    • ALTER ROLE ##MS_ServerStateReader## ADD MEMBER <Service_Account/Collection_Accoutnt>
  • A member of the ##MS_DefinitionReader## role
    • ALTER ROLE ##MS_ServerStateReader## ADD MEMBER <Service_Account/Collection_Accoutnt>

Proxy Configuration

If a proxy is used for outbound communication, you must set the HTTPS_PROXY environment variable on machines hosting the Data Collection Services before starting the MSI installer or the Collector service.

Note: the proxy must support HTTP/2


Was this article helpful?