Compromised Domain: Difference between revisions
==Indicators of Compromise==
Indicators of compromise (IOCs) are forensic artifacts that point to a likely intrusion into a host or network. They help security staff and system administrators detect intrusion attempts and malicious activity, and security researchers use them to analyze [[malware]] techniques and behaviors. IOCs are actionable, shareable threat intelligence that organizations use to improve their incident response and remediation. Some are found in event logs and timestamped entries of a system, application, or service; others are surfaced by tools that monitor for and mitigate breaches and attacks.
===Common IOCs===
* Unusual traffic going in and out of the network
* Unknown files, applications, and processes in the system