IOC scanners

Introduction

Indicators of compromise (IOC) are systems artifacts that could be the result of a security breach of a system. Examples of such indicators are the presence of particular files, processes, or users. Typically these indicators have names that are similar to system components with the goal to decrease the chance of discovery.

Usage

IOC scanners are typically used for intrusion detection and system compromise detection.

Users for these tools include forensic specialists, security professionals.

Tools

Loki (file scanner to detect indicators or compromise)

digital forensics, intrusion detection, security monitoring

Loki is security tool to find so-called indicators of compromise (IOC). It does this by scanning files and then uses pattern matching.

rastrea2r (threat hunting for IOCs)

digital forensics, malware detection, threat discovery, threat hunting

Rastrea2r is a threat hunting utility for indicators of compromise (IOC). It is named after the Spanish word rastreador, which means hunter. This multi-platform open source tool helps incident responders and SOC analysts to triage suspected systems. The hunt for IOCs can be achieved in just a matter of a few minutes.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.