From Surf Wiki (app.surf) — the open knowledge base
Indicator of compromise
Indication of a computer intrusion
An indicator of compromise (IoC) in computer forensics is an artifact observed on a computer network or within an operating system that, with high confidence, indicates a computer intrusion.
Types of indicators
Common IoCs include virus signatures, suspicious IP addresses, MD5 hashes of malware files, and malicious URLs or domain names associated with botnet command and control servers. Once IoCs are identified through incident response or forensic analysis, they can be used for early detection of future attacks with intrusion detection systems and antivirus software.
Automation and sharing
Several standards and initiatives aim to automate IoC processing and sharing:
- The Incident Object Description Exchange Format (IODEF) standardizes how incident information is described and exchanged.
- Structured Threat Information Expression (STIX) is used to represent cyber threat information.
Known indicators are often exchanged within the cybersecurity industry, commonly using the Traffic Light Protocol (TLP) to indicate how information may be shared. Other frameworks and standards are also used to support secure information sharing.
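The following is an added example, not part of the original article: it takes a handful of constructed STIX-style indicators (a file hash, an IP address and a domain, as listed under "Types of indicators"), matches them against constructed sensor observations the way a detection tool would, and gates re-sharing on each indicator's TLP marking. The pattern parser handles only the single-comparison form `[object:path = 'value']`, a deliberate simplification of the STIX patterning language; all identifiers and values are placeholders.

```python
import hashlib
import re

# Constructed sample: the MD5 of a made-up file body stands in for a malware hash.
SAMPLE_MD5 = hashlib.md5(b"constructed sample file body").hexdigest()

# Constructed STIX 2.1-style indicators (simplified patterns; values are
# placeholders, not real IoCs), each carrying a TLP marking for sharing.
INDICATORS = [
    {"id": "indicator--1", "pattern": f"[file:hashes.'MD5' = '{SAMPLE_MD5}']", "tlp": "amber"},
    {"id": "indicator--2", "pattern": "[ipv4-addr:value = '203.0.113.10']", "tlp": "green"},
    {"id": "indicator--3", "pattern": "[domain-name:value = 'c2.example']", "tlp": "red"},
]

# Constructed observations, keyed by STIX object path, as a sensor might report them.
OBSERVATIONS = [
    {"file:hashes.MD5": SAMPLE_MD5, "host": "ws-07"},
    {"ipv4-addr:value": "198.51.100.5", "host": "ws-07"},
    {"ipv4-addr:value": "203.0.113.10", "host": "db-01"},
    {"domain-name:value": "c2.example", "host": "ws-12"},
]

# Accepts only the single-comparison form "[object:path = 'value']".
PATTERN_RE = re.compile(r"^\[\s*(?P<path>[\w:.'-]+)\s*=\s*'(?P<value>[^']*)'\s*\]$")


def parse_pattern(pattern):
    """Return (object path, value); quotes around path components are dropped."""
    m = PATTERN_RE.match(pattern)
    if not m:
        raise ValueError(f"unsupported pattern: {pattern}")
    return m.group("path").replace("'", ""), m.group("value")


def match_indicators(observations, indicators):
    """Return (indicator id, observation) pairs whose observed value equals the IoC."""
    hits = []
    for ind in indicators:
        path, value = parse_pattern(ind["pattern"])
        for obs in observations:
            if obs.get(path) == value:
                hits.append((ind["id"], obs))
    return hits


# TLP 2.0 markings ordered from most restricted to most open.
TLP_RANK = {"red": 0, "amber+strict": 1, "amber": 2, "green": 3, "clear": 4}


def releasable(indicator, channel_tlp):
    """True if the indicator may go into a channel whose recipients are bounded
    by channel_tlp (e.g. a community feed is a 'green' channel)."""
    return TLP_RANK[indicator["tlp"]] >= TLP_RANK[channel_tlp]
```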
This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.