Indicators of compromise (IOCs) serve as forensic evidence of a potential intrusion on a host system or network. These artifacts enable information security (InfoSec) professionals and system administrators to detect intrusion attempts and other malicious activity. Security researchers use IOCs to analyze a particular malware family's techniques and behaviors in more depth. IOCs also provide actionable threat intelligence that can be shared within the community to improve an organization's incident response and remediation strategies.
Some of these artifacts are found in event logs and timestamped entries on the system, as well as in its applications and services. InfoSec professionals and IT/system administrators also employ various tools that monitor for IOCs to help mitigate, if not prevent, breaches and attacks.
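As an added example (not part of the original article), the following Python script shows the kind of check those monitoring tools automate: it matches a constructed IOC set (a placeholder IP address, domain and SHA-256 file hash) against constructed, timestamped log lines and records each IOC's first-seen time, affected hosts and hit count.

```python
import re

# Constructed IOC set with placeholder values; not real threat-intel indicators.
IOC_SET = {
    "ipv4": {"203.0.113.45"},
    "domain": {"update-check.example.net"},
    "sha256": {"deadbeef" * 8},
}

# Constructed log lines in the form "<ISO-8601 timestamp> <host> <message>".
SAMPLE_LOG = """\
2024-05-01T08:12:03Z ws-17 firewall: outbound tcp 10.0.0.17:51234 -> 203.0.113.45:443 allowed
2024-05-01T08:12:05Z ws-17 dns: query update-check.example.net A
2024-05-01T08:13:10Z ws-04 edr: file created /home/bob/.cache/svc.bin sha256=deadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
2024-05-01T08:14:00Z ws-17 dns: query www.example.com A
2024-05-01T07:59:59Z ws-22 firewall: outbound tcp 10.0.0.22:49001 -> 203.0.113.45:443 allowed
""".splitlines()

LOG_LINE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<host>\S+)\s+(?P<msg>.*)$")
EXTRACTORS = (
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
    ("sha256", re.compile(r"\b[0-9a-f]{64}\b", re.I)),
)


def scan_log(lines, iocs):
    """Return {(ioc_type, value): {"first_seen", "hosts", "count"}} for every IOC hit."""
    sightings = {}
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:  # skip lines that do not follow the expected layout
            continue
        ts, host, msg = m.group("ts"), m.group("host"), m.group("msg")
        for kind, rx in EXTRACTORS:
            for found in rx.findall(msg):
                value = found if kind == "ipv4" else found.lower()
                if value not in iocs.get(kind, ()):
                    continue
                s = sightings.setdefault((kind, value), {"first_seen": ts, "hosts": set(), "count": 0})
                s["hosts"].add(host)
                s["count"] += 1
                # ISO-8601 UTC timestamps sort lexicographically, so log order does not matter.
                if ts < s["first_seen"]:
                    s["first_seen"] = ts
    return sightings


if __name__ == "__main__":
    for (kind, value), s in scan_log(SAMPLE_LOG, IOC_SET).items():
        print(f"{kind} {value}: first seen {s['first_seen']}, {s['count']} hit(s) on {sorted(s['hosts'])}")
```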
Here are some of the indicators of compromise that information security professionals and system administrators watch out for: