Indicator of compromise

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Oshwah (talk | contribs) at 13:15, 19 January 2018 (Reverted edits by 108.53.151.250 (talk): violates external links policy (HG) (3.3.3)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Indicator of compromise (IOC), in computer forensics, is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.[1]

Typical IOCs are virus signatures, IP addresses, MD5 hashes of malware files, and URLs or domain names of botnet command and control servers. After IOCs have been identified during incident response and computer forensics, they can be used for early detection of future attack attempts by intrusion detection systems and antivirus software.

For more efficient automated processing there are initiatives to standardize the format of IOCs.[2][3] Known indicators are usually exchanged within the industry.[citation needed]
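The two preceding paragraphs describe the detection use of IOCs (matching known hashes, addresses and domains against what is observed) and the wish for a machine-readable exchange format. The following Python script is an added example written for this page, not code from the article or from any of the referenced projects: it loads a small IOC set from a constructed JSON structure (a stand-in for a real format such as IODEF or CybOX, whose schemas it does not follow), then scans constructed log lines for hash, IP address, URL and domain matches. The IOC values, the log lines and the `IocMatcher`/`scan_logs` names are all assumptions made up for the illustration; the IP addresses come from the documentation ranges and the "malware" is a harmless byte string hashed inline.

```python
import hashlib
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed sample "file" so the hash IOC is reproducible offline (not real malware).
SAMPLE_MALWARE = b"constructed sample bytes, not a real malware body"
SAMPLE_MD5 = hashlib.md5(SAMPLE_MALWARE).hexdigest()

# Constructed IOC feed in an ad-hoc JSON layout (illustrative; not IODEF or CybOX).
IOC_FEED = json.loads(f"""
{{
  "md5":    ["{SAMPLE_MD5}"],
  "ipv4":   ["203.0.113.45"],
  "domain": ["c2.example.net"],
  "url":    ["http://c2.example.net/gate.php"]
}}
""")

# Constructed log lines in a key=value style, as a proxy, DNS resolver and AV agent might emit.
SAMPLE_LOGS = [
    "2018-01-19T13:15:02Z proxy src=10.0.0.8 dst=203.0.113.45 url=http://c2.example.net/gate.php",
    "2018-01-19T13:15:09Z dns client=10.0.0.8 query=c2.example.net",
    f"2018-01-19T13:16:01Z av host=ws-07 file=/tmp/update.exe md5={SAMPLE_MD5}",
    "2018-01-19T13:17:44Z dns client=10.0.0.9 query=update.c2.example.net",
    "2018-01-19T13:18:30Z proxy src=10.0.0.9 dst=198.51.100.20 url=http://www.example.org/",
]

HEX32 = re.compile(r"[0-9a-f]{32}")
KV_TOKEN = re.compile(r"(\w+)=(\S+)")


def _normalize_domain(name):
    return name.rstrip(".").lower()


def _parse_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


class IocMatcher:
    """Holds one IOC set and matches observed values against it by indicator type."""

    def __init__(self, feed):
        self.md5 = {h.lower() for h in feed.get("md5", [])}
        # strict=False lets a feed carry either single hosts or CIDR ranges.
        self.networks = [ipaddress.ip_network(n, strict=False) for n in feed.get("ipv4", [])]
        self.domains = {_normalize_domain(d) for d in feed.get("domain", [])}
        self.urls = {u.lower() for u in feed.get("url", [])}

    def _match_domain(self, host):
        # Walk up the label tree so update.c2.example.net also matches the IOC c2.example.net.
        labels = _normalize_domain(host).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.domains:
                return [("domain", candidate)]
        return []

    def match_value(self, value):
        """Return a list of (indicator_type, matched_ioc) pairs for one observed value."""
        v = value.strip().lower()
        if HEX32.fullmatch(v):
            return [("md5", v)] if v in self.md5 else []
        addr = _parse_ip(v)
        if addr is not None:
            return [("ipv4", str(net)) for net in self.networks if addr in net]
        if "://" in v:
            hits = [("url", v)] if v in self.urls else []
            host = urlparse(v).hostname
            return hits + (self._match_domain(host) if host else [])
        return self._match_domain(v)

    def scan_line(self, line):
        """Return (field, indicator_type, matched_ioc) triples for every key=value token that hits."""
        hits = []
        for key, value in KV_TOKEN.findall(line):
            for kind, ioc in self.match_value(value):
                hits.append((key, kind, ioc))
        return hits


def scan_logs(matcher, lines):
    """Return [(line_index, hits)] for the lines that contain at least one IOC match."""
    alerts = []
    for idx, line in enumerate(lines):
        hits = matcher.scan_line(line)
        if hits:
            alerts.append((idx, hits))
    return alerts


if __name__ == "__main__":
    matcher = IocMatcher(IOC_FEED)
    for idx, hits in scan_logs(matcher, SAMPLE_LOGS):
        print(f"line {idx}: {SAMPLE_LOGS[idx]}")
        for field, kind, ioc in hits:
            print(f"    {field} matched {kind} indicator {ioc}")
```

The matcher deliberately treats each indicator type differently: hashes are exact, addresses are checked for membership in a network so a feed may carry ranges, and domains are matched on any parent label so a subdomain of a listed command and control host still fires. That is the kind of normalization an IDS or antivirus engine has to perform before a standardized feed, of the sort the initiatives mentioned above aim to produce, becomes directly useful for detection.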

References

  1. "Understanding Indicators of Compromise (IOC) Part I". RSA. 2012. Retrieved February 27, 2013.
  2. "The Incident Object Description Exchange Format". RFC 5070. IETF. 2007. Retrieved February 27, 2013.
  3. "Cyber Observable eXpression (CybOX)". Mitre. Retrieved February 27, 2013.