What is an IOC?

Indicators of compromise (IOC) are system artifacts that could be the result of a security breach. Examples of such indicators are the presence of particular files, processes, or users. Typically these indicators have names similar to those of system components, which decreases the chance of discovery.

Tool categories

There is 1 tool collection available that covers IOC:

Security tools

The following security tools are linked to IOC and are worth investigating.

  • Fenrir (indicators of compromise scanner)
  • Loki (file scanner to detect indicators of compromise)
  • TheHive (security incident response platform)
  • rastrea2r (threat hunting for IOCs)