Indicator of compromise - Wikipedia


Indicator of compromise
From Wikipedia, the free encyclopedia

Artifact observed on a network or in an operating system that indicates a computer intrusion

Indicator of compromise (IoC) in computer forensics is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.[1]

Contents
1 Types of indication
2 Automation
3 See also
4 References

Types of indication

Typical IoCs are virus signatures and IP addresses, MD5 hashes of malware files, or URLs or domain names of botnet command and control servers. After IoCs have been identified via a process of incident response and computer forensics, they can be used for early detection of future attack attempts using intrusion detection systems and antivirus software.

Automation

There are initiatives to standardize the format of IoC descriptors for more efficient automated processing.[2][3] Known indicators are usually exchanged within the industry, where the Traffic Light Protocol is being used.[4][5][6][7][8][9][10]

See also

AlienVault
Mandiant
Malware
Malware Information Sharing Platform

References

[1] Gragido, Will (October 3, 2012). "Understanding Indicators of Compromise (IoC) Part I". RSA. Archived from the original on September 14, 2017. Retrieved June 5, 2019.
[2] "The Incident Object Description Exchange Format". RFC 5070. IETF. December 2007. Retrieved 2019-06-05.
[3] "Introduction to STIX". Retrieved 2019-06-05.
[4] "FIRST announces Traffic Light Protocol (TLP) version 1.0". Forum of Incident Response and Security Teams. Retrieved 2019-12-31.
[5] Luiijf, Eric; Kernkamp, Allard (March 2015). "Sharing Cyber Security Information" (PDF). Global Conference on CyberSpace 2015. Toegepast Natuurwetenschappelijk Onderzoek. Retrieved 2019-12-31.
[6] Stikvoort, Don (11 November 2009). "ISTLP - Information Sharing Traffic Light Protocol" (PDF). Trusted Introducer. National Infrastructure Security Co-ordination Centre. Retrieved 2019-12-31.
[7] "Development of Policies for Protection of Critical Information Infrastructures" (PDF). Organisation for Economic Co-operation and Development (OECD). Retrieved 2019-12-31.
[8] "ISO/IEC 27010:2015 | Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications". International Organization for Standardization / International Electrotechnical Commission. November 2015. Retrieved 2019-12-31.
[9] "Traffic Light Protocol (TLP) Definitions and Usage". United States Department of Homeland Security. Retrieved 2019-12-31.
[10] "Traffic Light Protocol". Centre for Critical Infrastructure Protection. Archived from the original on 2013-02-05. Retrieved 2019-12-31.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Indicator_of_compromise&oldid=1060663491"
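The "Types of indication" and "Automation" sections above describe how IoCs (file hashes, IP addresses, domain names) are shared in a standardized form and then matched by detection tooling against later activity. The following is an added example, not part of the Wikipedia article and not the code of any product or feed it mentions. It assumes a constructed indicator list in a simple dictionary shape with a Traffic Light Protocol label attached to each entry (a toy stand-in for formats such as STIX or IODEF), and a constructed set of key=value log lines. The hash, addresses and domain are made up and use reserved documentation ranges (192.0.2.0/24, 198.51.100.0/24, the .example TLD), so nothing here is a real indicator. The matcher normalizes indicators (lowercasing, refanging "[.]"-style defanging, validating IPv4 syntax), rejects malformed entries instead of silently indexing them, extracts candidate observables from each log line and reports hits together with the TLP label so a downstream alert knows how far the indicator may be shared.

```python
"""Toy IoC matcher: normalize a shared indicator list and scan log lines.

Added example for the Wikipedia "Indicator of compromise" article; all
indicators and log lines below are constructed and not real observations.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed indicator feed. "tlp" carries the Traffic Light Protocol label
# that the article says accompanies shared indicators. The last two entries
# are deliberately malformed to show that the loader rejects them.
INDICATORS = [
    {"type": "md5", "value": "0123456789ABCDEF0123456789ABCDEF", "tlp": "TLP:GREEN", "source": "constructed-feed"},
    {"type": "ipv4", "value": "192.0.2.44", "tlp": "TLP:AMBER", "source": "constructed-feed"},
    {"type": "domain", "value": "c2[.]malicious.example", "tlp": "TLP:GREEN", "source": "constructed-feed"},
    {"type": "md5", "value": "not-a-hash", "tlp": "TLP:GREEN", "source": "constructed-feed"},
    {"type": "ipv4", "value": "999.1.1.1", "tlp": "TLP:GREEN", "source": "constructed-feed"},
]

# Constructed log lines in a generic key=value style (not from any real product).
LOGS = [
    "2024-01-05T10:00:01Z proxy src=10.0.0.5 dst=192.0.2.44 host=c2.malicious.example url=http://c2.malicious.example/gate.php",
    "2024-01-05T10:00:02Z proxy src=10.0.0.7 dst=198.51.100.10 host=www.example.com url=https://www.example.com/",
    "2024-01-05T10:00:03Z edr host=ws-17 file=C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe md5=0123456789ABCDEF0123456789ABCDEF action=created",
    "2024-01-05T10:00:04Z dns client=10.0.0.9 query=mail.example.com answer=198.51.100.2",
]

MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)+\b")


def refang(value):
    """Undo the defanging conventions used in shared feeds so values compare equal."""
    return value.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def normalize(ioc_type, value):
    """Canonicalize one indicator value; return None if it is malformed."""
    value = refang(value.strip())
    if ioc_type == "md5":
        value = value.lower()
        return value if re.fullmatch(r"[0-9a-f]{32}", value) else None
    if ioc_type == "ipv4":
        try:
            return str(ipaddress.IPv4Address(value))  # rejects 999.1.1.1 etc.
        except ipaddress.AddressValueError:
            return None
    if ioc_type == "domain":
        value = value.lower().rstrip(".")
        return value if HOST_RE.fullmatch(value) else None
    return None  # unknown indicator type: do not index it


def build_index(indicators):
    """Return ({type: {canonical value: record}}, number of rejected entries)."""
    index = defaultdict(dict)
    rejected = 0
    for rec in indicators:
        canon = normalize(rec["type"], rec["value"])
        if canon is None:
            rejected += 1
            continue
        index[rec["type"]][canon] = rec
    return index, rejected


def extract_observables(line):
    """Pull the set of candidate (type, value) pairs out of one log line."""
    found = set()
    for m in MD5_RE.findall(line):
        found.add(("md5", m.lower()))
    for m in IPV4_RE.findall(line):
        canon = normalize("ipv4", m)
        if canon:
            found.add(("ipv4", canon))
    for m in HOST_RE.findall(line):
        if not IPV4_RE.fullmatch(m):  # dotted quads were handled above
            found.add(("domain", m.lower()))
    return found


def match_line(line, index):
    """Return one hit record per distinct indicator found in the line."""
    hits = []
    for ioc_type, value in sorted(extract_observables(line)):
        rec = index.get(ioc_type, {}).get(value)
        if rec:
            hits.append({"type": ioc_type, "value": value, "tlp": rec["tlp"], "source": rec["source"]})
    return hits


def scan(lines, index):
    """Return [(1-based line number, hits)] for every line with at least one hit."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = match_line(line, index)
        if hits:
            results.append((n, hits))
    return results


if __name__ == "__main__":
    idx, bad = build_index(INDICATORS)
    print(f"indexed {sum(len(v) for v in idx.values())} indicators, rejected {bad}")
    for n, hits in scan(LOGS, idx):
        for h in hits:
            print(f"line {n}: {h['type']} {h['value']} ({h['tlp']}, {h['source']})")
```

Running the block prints two rejected entries, a proxy line that hits both the AMBER-labelled address and the GREEN-labelled domain, and an EDR line that hits the hash. Keeping the TLP label on each hit rather than only on the feed is the part that matters operationally: an alert built from a TLP:AMBER indicator must not be forwarded to the same audience as one built from TLP:GREEN data.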


