Indicators of compromise (IOC) are systems artifacts that could be the result of a security breach of a system. Examples of such indicators are the presence of particular files, processes, or users. Typically these indicators have names that are similar to system components with the goal to decrease the chance of discovery.
IOC scanners are typically used for intrusion detection and system compromise detection.
Users for these tools include forensic specialists and security professionals.
Popular IOC scanners
Loki (file scanner to detect indicators or compromise)
digital forensics, intrusion detection, security monitoring
Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.
rastrea2r (threat hunting for IOCs)
digital forensics, malware detection, threat discovery, threat hunting
Rastrea2r is a threat hunting utility for indicators of compromise (IOC). It is named after the Spanish word rastreador, which means hunter. This multi-platform open source tool helps incident responders and SOC analysts to triage suspected systems. The hunt for IOCs can be achieved in just a matter of a few minutes.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.