US 12,135,787 B2
Detection of indicators of attack
Marc N. McGarry, Murphy, TX (US); Nizar A. Basan, Garland, TX (US); Bradley C. Rood, Grapevine, TX (US); and Andy A. Yiu, Austin, TX (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by DELL PRODUCTS L.P., Round Rock, TX (US)
Filed on Aug. 26, 2022, as Appl. No. 17/896,622.
Application 17/896,622 is a continuation of application No. 17/193,152, filed on Mar. 5, 2021, granted, now 11,507,661.
Prior Publication US 2022/0414220 A1, Dec. 29, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/00 (2013.01); G06F 21/56 (2013.01); G06F 21/57 (2013.01)
CPC G06F 21/566 (2013.01) [G06F 21/572 (2013.01); G06F 2221/034 (2013.01)]
20 Claims
1. An information handling system comprising:
a basic input/output system (BIOS), the BIOS including a plurality of BIOS attributes associated with the information handling system; and
a processor to communicate with the BIOS, the processor to:
scan a current state of each of the BIOS attributes;
store one or more changed BIOS attributes as one or more BIOS events;
collect a boot number value associated with one of the changed BIOS attributes, wherein the boot number value indicates a boot cycle during which a given BIOS change must be made;
convert the one or more changed BIOS events into a different threat event, wherein the changed BIOS events are converted from a first data format to a second data format of the different threat event;
determine whether a first threat event matches threat criteria in a threat chain policy, wherein the first threat event is associated with a first changed BIOS attribute of the BIOS attributes;
in response to the first threat event matching a threat criterion in the threat chain policy, provide a threat state change; and
provide new threat state changes to a threat state change consumer.
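
The flow recited in claim 1 can be sketched as a small pipeline. This is an added example, not code from the patent or from Dell. The attribute names, both event formats, the policy layout, the ordered-chain matching, and the names `BiosEvent`, `scan_changes`, `to_threat_event`, `ThreatChain` and `run_demo` are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BiosEvent:            # first data format (assumed): raw attribute delta
    attribute: str
    old: str
    new: str
    boot_number: int        # boot cycle associated with the change

def scan_changes(baseline, current, boot_number):
    """Compare two attribute snapshots and return one BiosEvent per change."""
    return [BiosEvent(name, baseline.get(name), value, boot_number)
            for name, value in sorted(current.items())
            if baseline.get(name) != value]

def to_threat_event(ev):
    """Convert a BiosEvent into the second (assumed) format: a flat dict."""
    return {"type": "bios.attribute_changed", "subject": ev.attribute,
            "value": ev.new, "previous": ev.old, "boot": ev.boot_number}

class ThreatChain:
    """Ordered criteria; each match advances the chain and notifies the consumer."""
    def __init__(self, name, criteria, consumer):
        self.name, self.criteria, self.consumer = name, criteria, consumer
        self.step = 0

    def feed(self, threat_event):
        if self.step >= len(self.criteria):
            return False                      # chain already complete
        want = self.criteria[self.step]
        if any(threat_event.get(k) != v for k, v in want.items()):
            return False                      # no match: no state change
        self.step += 1
        state = "complete" if self.step == len(self.criteria) else "in_progress"
        self.consumer({"chain": self.name, "state": state, "step": self.step,
                       "trigger": threat_event})
        return True

def run_demo():
    # Constructed snapshots and policy; values are illustrative only.
    baseline = {"SecureBoot": "Enabled", "AdminPassword": "Set", "BootOrder": "HDD,USB"}
    current = {"SecureBoot": "Disabled", "AdminPassword": "Set", "BootOrder": "USB,HDD"}
    policy = [{"subject": "BootOrder", "value": "USB,HDD"},
              {"subject": "SecureBoot", "value": "Disabled"}]
    changes = []                              # stands in for the state change consumer
    chain = ThreatChain("boot-tamper", policy, changes.append)
    for ev in scan_changes(baseline, current, boot_number=42):
        chain.feed(to_threat_event(ev))
    return changes
```
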