Definition

Indicators of Compromise (IOC)

Madelyn Bacon, TechTarget

Indicators of Compromise (IOC) are pieces of forensic data, such as data found in system log entries or files, that identify potentially malicious activity on a system or network.

Examples of an IOC include unusual network traffic, unusual privileged user account activity, login anomalies, increases in database read volume, suspicious registry or system file changes, unusual DNS requests and Web traffic showing non-human behavior. These and other unusual activities allow security teams monitoring the systems and networks to spot malicious actors earlier in the intrusion detection process.

Documenting IOC and their associated threats allows the industry to share this information and improve incident response and computer forensics. For this reason, efforts are being made by groups like OpenIOC, STIX and TAXII among others to standardize IOC documentation and reporting.

This was last updated in October 2015

Continue Reading About Indicators of Compromise (IOC)

Command-and-control servers: The puppet masters that govern malware

Using IOC (Indicators of Compromise) in Malware Forensics

Cybersecurity information sharing: Industries join forces

Top 15 Indicators Of Compromise

Indicators of Compromise (IOC)

Continue Reading About Indicators of Compromise (IOC)

Dig Deeper on Security operations and management

threat detection and response (TDR)

FBI: Suspected Chinese actors continue Barracuda ESG attacks

5 digital forensics tools experts use in 2023

Why is malware analysis important?

Continue Reading About Indicators of Compromise (IOC)

Related Terms

Dig Deeper on Security operations and management

threat detection and response (TDR)

FBI: Suspected Chinese actors continue Barracuda ESG attacks

5 digital forensics tools experts use in 2023

Why is malware analysis important?