Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 14 Days |
| Required Data | |
| Detection Modules | |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Low |
Description
SecureBoot was disabled. This might be indicative of someone trying to install an alternate, non-UEFI-supported OS.
Attacker's Goals
Disable SecureBoot to install another OS on the machine.
Investigative actions
Check if a new operating system was installed on the same hardware.