White Papers
BIOS Events & Indicators of Attack
BIOS Events & Indicators of Attack enables administrators to analyze events in the Windows Event Viewer that may indicate bad actors
targeting BIOS on enterprise endpoints. Bad actors change BIOS attributes to gain access to enterprise computers locally or remotely.
These attack vectors can be monitored then mitigated through the BIOS Events & Indicator of Attack features' ability to monitor BIOS
attributes. If the Trusted Device agent is active on the computer, BIOS Events & Indicators of Attack runs every 12 hours by default.
It is recommended using a SIEM product to retrieve logs and events. Administrators should provide results to their SOC team to determine
appropriate remediation strategies.
To see additional information including types of events and event location, see Results, Troubleshooting, and Remediation.
7
16 BIOS Events & Indicators of Attack