Indicators of Compromise (IOCs) are pieces of forensic data, such as entries in system logs or files, that identify potentially malicious activity on a system or network.
Examples of IOCs include unusual network traffic, unusual privileged-user account activity, login anomalies, increases in database read volume, suspicious changes to the registry or system files, unusual DNS requests, and web traffic showing non-human behavior. These and other unusual activities allow security teams monitoring systems and networks to spot malicious actors earlier in the intrusion detection process.
Documenting IOCs and their associated threats allows the industry to share this information and improve incident response and computer forensics. For this reason, efforts are being made by groups such as OpenIOC, STIX and TAXII, among others, to standardize IOC documentation and reporting.
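As an added illustration (not part of the original text), the script below takes a few constructed STIX 2.1-style indicator objects covering three of the IOC types listed above (a domain, an IP address and a file hash) and matches them against constructed DNS, proxy and antivirus log lines. The pattern parser only handles single-comparison patterns of the form `[type:path = 'value']`; the log format, field names and all indicator values are assumptions made for the example.

```python
import re

# Constructed STIX 2.1-style indicators (sample values only, not real threat data).
INDICATORS = [
    {"id": "indicator--a1", "name": "suspicious domain",
     "pattern": "[domain-name:value = 'updates-cdn.example']"},
    {"id": "indicator--a2", "name": "known malicious file",
     "pattern": "[file:hashes.'SHA-256' = "
                "'9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08']"},
    {"id": "indicator--a3", "name": "command-and-control address",
     "pattern": "[ipv4-addr:value = '203.0.113.7']"},
]

# Constructed log lines in an assumed key=value format (DNS, web proxy, AV scan).
LOG_LINES = [
    "2024-05-01T10:00:01 dns client=10.0.0.12 query=updates-cdn.example type=A",
    "2024-05-01T10:00:02 proxy client=10.0.0.12 dst=203.0.113.7 path=/gate.php ua=python-requests/2.31",
    "2024-05-01T10:00:03 av host=10.0.0.12 file=C:\\Users\\x\\svc.exe "
    "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
    "2024-05-01T10:00:04 dns client=10.0.0.31 query=mail.example.org type=A",
]

# Single comparison: [object-type:property.path = 'value']
PATTERN_RE = re.compile(r"\[\s*([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'\s*\]")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_pattern(pattern):
    """Return (object type, property path, value) from a single-comparison STIX pattern."""
    m = PATTERN_RE.fullmatch(pattern.strip())
    if not m:
        raise ValueError(f"unsupported pattern: {pattern}")
    return m.group(1), m.group(2).replace("'", ""), m.group(3)


def scan_logs(lines, indicators):
    """Return (line number, indicator id, matched value) for each log field equal to an IOC value."""
    lookup = {parse_pattern(ind["pattern"])[2].lower(): ind["id"] for ind in indicators}
    hits = []
    for n, line in enumerate(lines, 1):
        for _, value in KV_RE.findall(line):
            ind_id = lookup.get(value.lower())  # domains and hashes compare case-insensitively
            if ind_id:
                hits.append((n, ind_id, value))
    return hits


if __name__ == "__main__":
    for n, ind_id, value in scan_logs(LOG_LINES, INDICATORS):
        print(f"line {n}: {value} matches {ind_id}")
```

Exact-value matching like this catches only the indicators already known; the behavioral IOCs above (login anomalies, non-human traffic rates) need baselining of normal activity rather than a lookup table.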