Indicators of compromise (IOC)

[[wikipedia:Indicator of compromise]]
 
 
 
When a threat actor makes changes to a system, whether by direct action, malware, or other exploits, forensic artifacts are left behind on the system. IOCs act as breadcrumbs for investigators, providing small clues that can help identify the presence of an attack on a system.
 
A common set:
* Unusual outbound network traffic
* Anomalies in privileged user account activity
* Geographical irregularities in network traffic
* Account login red flags
* Increases in database read volumes
* HTML response sizes
* Large numbers of requests for the same file
* Mismatched port-application traffic, including encrypted traffic on plain ports
* Suspicious registry or system file changes
* Unusual DNS requests
* Unexpected patching of systems
* Mobile device profile changes
* Bundles of data in the wrong place
* Web traffic with nonhuman behavior
* Signs of DDoS activity, even if temporary
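As an added illustration (not part of the original article), the following script checks four of the indicators above against a handful of constructed outbound flow records: unusual outbound volume, geographical irregularity, encrypted traffic on a plain port, and unusual (high-entropy) DNS names. The flow records, thresholds and allowed-country set are assumptions for the example; real deployments derive them from their own baselines.

```python
import math
from collections import Counter, defaultdict

# Constructed sample flow records (not real data). Each record is one outbound
# connection: source host, destination port, the protocol actually observed on
# the wire, bytes sent out, destination country, and the name resolved for it.
FLOWS = [
    {"host": "ws-01", "port": 443, "proto": "tls",  "out": 12_000,    "geo": "US", "qname": "cdn.example.com"},
    {"host": "ws-01", "port": 80,  "proto": "http", "out": 4_000,     "geo": "US", "qname": "www.example.com"},
    {"host": "ws-02", "port": 80,  "proto": "tls",  "out": 9_000,     "geo": "DE", "qname": "update.example.net"},
    {"host": "ws-03", "port": 443, "proto": "tls",  "out": 2_500_000, "geo": "ZZ", "qname": "qx7k2m9p4b1zw3.example.org"},
]

# Assumed thresholds; a real deployment derives these from its own baselines.
ALLOWED_GEO = {"US", "DE"}
OUTBOUND_BASELINE = 1_000_000    # bytes per host per observation window
PLAIN_PORTS = {21, 25, 80, 110}  # ports where cleartext protocols are expected
ENTROPY_THRESHOLD = 3.5          # bits/char; crude DGA-style name heuristic
MIN_LABEL_LEN = 10               # only score labels long enough to be meaningful

def label_entropy(name):
    """Shannon entropy (bits per character) of the leftmost DNS label."""
    label = name.split(".")[0]
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def detect(flows):
    """Return (host, indicator) pairs for the IOC categories checked here."""
    hits = []
    out_per_host = defaultdict(int)
    for f in flows:
        out_per_host[f["host"]] += f["out"]
        if f["proto"] == "tls" and f["port"] in PLAIN_PORTS:
            hits.append((f["host"], "encrypted traffic on plain port"))
        if f["geo"] not in ALLOWED_GEO:
            hits.append((f["host"], "geographical irregularity"))
        label = f["qname"].split(".")[0]
        if len(label) >= MIN_LABEL_LEN and label_entropy(f["qname"]) > ENTROPY_THRESHOLD:
            hits.append((f["host"], "unusual DNS request"))
    # Volume is judged per host over the whole window, not per connection.
    for host, total in out_per_host.items():
        if total > OUTBOUND_BASELINE:
            hits.append((host, "unusual outbound traffic volume"))
    return hits

if __name__ == "__main__":
    for host, indicator in detect(FLOWS):
        print(f"{host}: {indicator}")
```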
 
 
 
== Related terms ==
 
* [[IOA]]
 
 
 
==See also==
 
* {{SOC}}
 
* {{CEH}}
 
 
 
[[Category: Security]]
 
