For further guidance, you can refer to the official FortiSIEM External Systems Configuration Guide .
omi new is often used in OMI scripting or shell commands to create a new instance of a class or to initiate a query. For example:
— The database is corrupted. Proceed to rebuild. 2. Rebuild a Broken Repository
wmic os get caption
Indicates the issue might be with how the specific monitoring agent is processing the metadata. PowerShell commands
When using omicli or omi-new syntax, ensure you target the correct location for the class. Add --namespace root/cimv2 to your command string. Example: omicli ei root/cimv2 Win32_OperatingSystem Verify WMI Locally
When facing this issue, the troubleshooting approach should cover networking, permissions, and WMI health. 1. Validate Network and Port Connectivity win32operatingsystem result not found via omi new
You can bypass the UI and test OMI connectivity directly from your collector’s CLI using the
or
Get-WmiObject Win32_OperatingSystem
OMI communicates via WinRM (Windows Remote Management). If the listener is restricted to specific IP addresses or if the authentication headers (Basic vs. Kerberos) are mismatched, the handshake may fail before the query executes. 🔧 How to Resolve the Issue Explicitly Define the Namespace
/opt/phoenix/bin/omic -s /opt/phoenix/config/smb.conf -U "DOMAIN/USER%PASSWORD" // 'SELECT * FROM Win32_OperatingSystem' Use code with caution.
Use ping and telnet to verify that the monitoring collector can reach the target host. 2. Check User Credentials and Permissions For further guidance, you can refer to the
Following this workflow ensures that the target Windows host can expose the Win32_OperatingSystem properties smoothly across the OMI pipeline. To help target the precise cause, let me know: