Definition

Indicators of Compromise (IOC)

Contributor(s): Madelyn Bacon

Indicators of Compromise (IOC) are pieces of forensic data, such as entries in system logs, file hashes, IP addresses or domain names, whose presence on a system or network indicates that malicious activity has occurred or is under way. Because an IOC is evidence of something that has already happened, it is primarily a detection and incident-response aid rather than a preventive control.

Examples of IOC include unusual network traffic, unusual privileged user account activity, login anomalies, increases in database read volume, suspicious registry or system file changes, unusual DNS requests and Web traffic showing non-human behavior. Matching these and other unusual activities against known indicators allows security teams monitoring the systems and networks to spot malicious actors earlier in an intrusion, before the attacker reaches their objective.
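The detection step described above, as an added example that is not part of the original definition: a small Python script that parses constructed log lines (the IP, domain and hash values are placeholders, not real threat data) and matches them against a set of known-bad indicators, plus one weaker heuristic for non-browser web traffic.

```python
"""Scan constructed log lines for indicators of compromise (added example)."""
import re
from collections import Counter

# Constructed IOC set for the example: a documentation-range IP, a made-up
# domain, and the SHA-256 of the empty file standing in for a known-bad hash.
IOC_IPS = {"203.0.113.45"}
IOC_DOMAINS = {"update-check.example.net"}
IOC_HASHES = {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}

# Constructed sample logs in a simple "timestamp source key=value ..." form.
SAMPLE_LOGS = """\
2015-10-02T03:14:07Z proxy src=10.0.0.12 dst=203.0.113.45 ua="python-requests/2.7.0" url=/api/v1/beacon
2015-10-02T03:14:09Z dns client=10.0.0.12 query=update-check.example.net type=A
2015-10-02T03:15:00Z auth user=svc_backup event=login src=198.51.100.7 result=success
2015-10-02T03:15:30Z fs host=10.0.0.12 path=/tmp/.x sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
2015-10-02T09:00:00Z proxy src=10.0.0.20 dst=198.51.100.20 ua="Mozilla/5.0" url=/index.html
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one log line into a dict of fields; quoted values lose their quotes."""
    ts, source, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["ts"] = ts
    fields["source"] = source
    # Whichever field names the machine involved; None if the line has none.
    fields["host"] = fields.get("src") or fields.get("client") or fields.get("host")
    return fields


def match_iocs(log_text, ioc_ips=IOC_IPS, ioc_domains=IOC_DOMAINS, ioc_hashes=IOC_HASHES):
    """Return one hit dict per indicator observed in the log text.

    Exact matches against the IOC sets are high-confidence. The user-agent
    check is a weaker heuristic for 'non-human' web traffic: it also fires on
    legitimate scripted clients, so treat it as a lead, not a verdict.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        found = []
        if f.get("dst") in ioc_ips:
            found.append(("known bad IP", f["dst"]))
        if f.get("query") in ioc_domains:
            found.append(("known bad domain", f["query"]))
        if f.get("sha256") in ioc_hashes:
            found.append(("known bad file hash", f["sha256"]))
        ua = f.get("ua", "")
        if f["source"] == "proxy" and ua and not ua.startswith("Mozilla/"):
            found.append(("non-browser user agent", ua))
        for reason, value in found:
            hits.append({"ts": f["ts"], "host": f["host"], "reason": reason, "value": value})
    return hits


def hosts_to_triage(hits):
    """Count hits per host so the responder knows where to start."""
    return Counter(h["host"] for h in hits if h["host"])


if __name__ == "__main__":
    results = match_iocs(SAMPLE_LOGS)
    for h in results:
        print(h["ts"], h["host"], h["reason"], h["value"])
    print(hosts_to_triage(results))
```

Running it against the sample logs yields four hits, all tied to 10.0.0.12: a beacon to the listed IP, a scripted user agent, a lookup of the listed domain and a file with the listed hash. The benign browsing line and the successful login produce nothing, which is the point of separating exact IOC matches from heuristics.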

Documenting IOC and their associated threats allows the industry to share this information and improve incident response and computer forensics. For this reason, IOC documentation and exchange have been standardized through frameworks such as OpenIOC (an XML schema originated by Mandiant), STIX (a structured language for describing threat information) and TAXII (a transport protocol for exchanging STIX content), among others.
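An added example of what standardized IOC documentation looks like, not taken from the original page: the same kinds of indicators mentioned above (an IP address, a domain name and a file hash, all placeholder values) encoded as STIX 2.1 Indicator objects in a Bundle using only the Python standard library. The object layout follows the STIX 2.1 specification; the helper names and the `demo_bundle` sample are this example's own.

```python
"""Encode IOCs as STIX 2.1 Indicator objects (added example, stdlib only)."""
import json
import uuid
from datetime import datetime, timezone

# Map an IOC kind to the STIX Cyber-observable property it patterns on.
# The hash key is quoted in STIX patterns because it contains a hyphen.
_PATTERN_FIELDS = {
    "ipv4": "ipv4-addr:value",
    "domain": "domain-name:value",
    "sha256": "file:hashes.'SHA-256'",
}


def _stix_ts(dt):
    """RFC 3339 UTC timestamp with millisecond precision, as STIX requires.

    `dt` should be timezone-aware; a naive datetime is treated as local time.
    """
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def _pattern_literal(value):
    """Quote a string for a STIX pattern; backslash and single quote are escaped."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def make_indicator(kind, value, name, when=None):
    """Build one STIX 2.1 Indicator SDO with the required properties set."""
    if kind not in _PATTERN_FIELDS:
        raise ValueError(f"unsupported IOC kind: {kind}")
    ts = _stix_ts(when or datetime.now(timezone.utc))
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern": f"[{_PATTERN_FIELDS[kind]} = {_pattern_literal(value)}]",
        "pattern_type": "stix",
        "valid_from": ts,
    }


def make_bundle(indicators):
    """Wrap Indicator objects in a STIX 2.1 Bundle ready for TAXII exchange."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(indicators)}


def to_json(bundle):
    return json.dumps(bundle, indent=2)


def demo_bundle():
    """Constructed sample: the placeholder IOCs from this page's example set."""
    when = datetime(2015, 10, 2, 3, 14, 7, tzinfo=timezone.utc)
    return make_bundle([
        make_indicator("ipv4", "203.0.113.45", "Beacon destination", when),
        make_indicator("domain", "update-check.example.net", "C2 domain", when),
        make_indicator(
            "sha256",
            "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "Dropped file",
            when,
        ),
    ])


if __name__ == "__main__":
    print(to_json(demo_bundle()))
```

Each Indicator carries a machine-readable `pattern` that another organization's tooling can evaluate directly, which is what makes the shared document more useful than a free-text list of addresses and hashes. Escaping the pattern literal matters: an attacker-controlled value containing a quote would otherwise break or alter the pattern.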

This was last updated in October 2015
