# Indicators of Compromise (IOCs)

## IOC Management
This section covers collecting, managing, and using IOCs for threat detection and response.

Content for this page is currently under development.

Future content may include:
- Types of IOCs (IP addresses, domains, hashes, etc.).
- Sources of IOCs (threat intelligence feeds, incident response findings).
- Integrating IOCs into SIEM and security tools.
- IOC lifecycle management (validation, expiration).
- Searching and pivoting on IOCs during investigations.
### Previously Covered Topics (For Reference)

#### Types of IOCs
- IP Addresses, Domains, URLs
- File Hashes (MD5, SHA1, SHA256)
- Malware Signatures

#### Sources of IOCs
- Threat Intelligence Feeds
- Incident Response Engagements
- ISACs

#### IOC Lifecycle Management
- Collection & Ingestion
- Validation & Enrichment
- Expiration & Archival

#### Integrating IOCs with SIEM
- Creating watchlists
- Developing correlation rules
- Retro-hunting