What are Indicators of Compromise (IOC)?
Indicators of Compromise (IOC) are forensic artifacts, observed on a host or on the network, that indicate a system has been or is being breached. Typical examples include file hashes, malicious IP addresses, domain names, and unusual entries in system logs that are associated with known threats.
IOCs are typically derived from threat intelligence and past incidents, which makes them useful for identifying attacks that have already been seen and documented. They are commonly loaded into detection tooling such as Security Information and Event Management (SIEM) platforms, which match them against collected logs and telemetry.
What are Indicators of Compromise (IOC) used for?
IOCs are used to detect and investigate security incidents by searching an environment's telemetry (logs, network traffic, endpoint data) for known malicious indicators. They support Digital Forensics and Incident Response (DFIR): a matched indicator scopes which hosts and accounts are affected and helps organizations contain the threat.
However, IOCs are reactive: they describe artifacts of attacks that have already been observed, and an attacker can cheaply change a file hash, domain, or IP address to evade them. They are therefore most effective when combined with Indicators of Attack (IOA), which describe attacker behaviour rather than specific artifacts, for a more comprehensive detection strategy. Together, they enhance visibility and improve response capabilities.
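The following is an added example, not code from the original page, showing the kind of IOC sweep a SIEM performs: a small constructed indicator set (file hashes, IP addresses, a CIDR range, a domain) is matched against constructed key=value log lines from DNS, proxy, flow and endpoint sources. The log format, the feed layout and the field names are assumptions made for the example; the IP ranges are RFC 5737 documentation addresses, the domain uses the reserved .test TLD, and the hash is the well-known SHA-256 of the EICAR test file. The last log line carries a hash that is not in the feed and produces no match, which is the reactive gap the text describes.

```python
"""IOC sweep over constructed log lines (added example, not from the page)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed IOC feed. In practice this comes from a threat intelligence
# platform or an incident report; the layout here is an assumption.
IOC_FEED = {
    "sha256": {
        # SHA-256 of the EICAR test file, used as a stand-in for a known-bad hash
        "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
    },
    "ipv4": {"203.0.113.45"},        # RFC 5737 documentation address
    "cidr": {"198.51.100.0/24"},     # RFC 5737 documentation range
    "domain": {"bad-example.test"},  # reserved .test TLD (RFC 2606)
}

# Constructed log lines in a simple key=value format (assumed, not a real product format).
LOG_LINES = [
    "2024-05-01T10:00:01Z dns client=10.0.0.5 query=c2.bad-example.test type=A",
    "2024-05-01T10:00:03Z proxy client=10.0.0.5 dst=203.0.113.45:443 method=CONNECT",
    "2024-05-01T10:00:05Z flow src=10.0.0.7 dst=198.51.100.77 bytes=1200",
    "2024-05-01T10:00:07Z edr host=ws01 event=file_create "
    "sha256=275A021BBFB6489E54D471899F7DB9D1663FC695EC2FE2A2C4538AABF651FD0F",
    "2024-05-01T10:00:09Z dns client=10.0.0.6 query=www.example.com type=A",
    # Unknown hash: a retooled sample evades a hash-based IOC (no match expected)
    "2024-05-01T10:00:11Z edr host=ws02 event=file_create sha256=" + "ab" * 32,
]

KV_RE = re.compile(r"(\w+)=(\S+)")
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")
DOMAIN_RE = re.compile(r"^([a-z0-9-]+\.)+[a-z]{2,}$", re.I)


@dataclass(frozen=True)
class Match:
    line_no: int     # 1-based index into the input lines
    ioc_type: str    # "sha256", "ipv4", "cidr" or "domain"
    indicator: str   # the feed entry that matched
    observed: str    # the raw field value as it appeared in the log


def _strip_port(value):
    """Turn "203.0.113.45:443" into "203.0.113.45"; leave other values alone."""
    host, sep, port = value.rpartition(":")
    if sep and port.isdigit() and host.count(".") == 3:
        return host
    return value


def _ip_hits(value, feed):
    """Exact IPv4 indicators plus CIDR-range membership."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return []
    hits = []
    if str(ip) in feed["ipv4"]:
        hits.append(("ipv4", str(ip)))
    for net in feed["cidr"]:
        if ip in ipaddress.ip_network(net):
            hits.append(("cidr", net))
    return hits


def _domain_hits(value, domains):
    """Exact match or a subdomain of an indicator (c2.bad-example.test -> bad-example.test).
    A plain suffix check would also flag notbad-example.test, so the dot is required."""
    v = value.lower()
    return [d for d in domains if v == d or v.endswith("." + d)]


def sweep(lines, feed=IOC_FEED):
    """Return every IOC match found in the given log lines, in input order."""
    matches = []
    for n, line in enumerate(lines, 1):
        for _key, raw in KV_RE.findall(line):
            value = _strip_port(raw)
            if SHA256_RE.match(value):
                # Hashes are compared case-insensitively: feeds and sensors differ in casing
                if value.lower() in feed["sha256"]:
                    matches.append(Match(n, "sha256", value.lower(), raw))
                continue
            for ioc_type, indicator in _ip_hits(value, feed):
                matches.append(Match(n, ioc_type, indicator, raw))
            if DOMAIN_RE.match(value):
                for indicator in _domain_hits(value, feed["domain"]):
                    matches.append(Match(n, "domain", indicator, raw))
    return matches


if __name__ == "__main__":
    for m in sweep(LOG_LINES):
        print(f"line {m.line_no}: {m.ioc_type} indicator {m.indicator} seen as {m.observed}")
```

Running the script reports four hits (the C2 subdomain, the proxy destination, the flow destination inside the CIDR range, and the upper-cased EICAR hash) and nothing for the final line, because a hash the feed has never seen is invisible to this kind of matching; that is the case a behaviour-based IOA rule is meant to cover.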