Monitor for changes made to firmware for unexpected modifications to settings and/or data that may be used by rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Asset management systems should be consulted to understand known-good firmware versions and configurations.
| Data Component | Name | Channel |
|---|---|---|
| Firmware Modification (DC0004) | Firmware | None |