White Papers
BIOS Events & Indicators of Attack
BIOS Events & Indicators of Attack enables administrators to analyze events in the Windows Event Viewer that may indicate
bad actors targeting BIOS on enterprise endpoints. Bad actors change BIOS attributes to gain access to enterprise computers
locally or remotely. These attack vectors can be monitored then mitigated through the BIOS Events & Indicator of Attack
features' ability to monitor BIOS attributes. The Trusted Device agent collects BIOS attributes after installation and every 12
hours by default.
It is recommended using a SIEM product to retrieve logs and events. Administrators should provide results to their SOC team to
determine appropriate remediation strategies.
To see additional information including types of events and event location, see Results, Troubleshooting, and Remediation.
8
20 BIOS Events & Indicators of Attack