- Notes, cautions, and warnings
- Introduction
- Requirements
- Download the software
- Verify the installation package
- Installation
- Uninstall Trusted Device
- Features
- Interoperability
- Run the BIOS Verification agent
- Results, troubleshooting, and remediation
BIOS Events & Indicators of Attack enables administrators to analyze events in the Windows Event Viewer that may indicate bad actors targeting BIOS on enterprise endpoints. Bad actors change BIOS attributes to gain access to enterprise computers locally or remotely. These attack vectors can be monitored then mitigated through the BIOS Events & Indicators of Attack features' ability to monitor BIOS attributes. The Trusted Device agent collects BIOS attributes after installation and every 12 hours by default. BIOS Events & Indicators of Attack data is retained for 200 days.
It is recommended using a SIEM product to retrieve logs and events. Administrators should provide results to their SOC team to determine appropriate remediation strategies.
To see additional information including types of events and event location, see Results, Troubleshooting, and Remediation.