During an incident investigation, a cybersecurity analyst reviews web-server logs and discovers repeated requests originating from a newly registered domain that appears on a threat-intelligence feed listing command-and-control hosts. According to incident-response terminology, what kind of artifact has the analyst identified that suggests an ongoing compromise?
The analyst has located an Indicator of Compromise (IoC). IoCs are forensic artifacts, such as malicious IP addresses, domain names, file hashes, or unusual process behavior, that point to a current breach or an imminent attack. Identifying IoCs in system and application logs is a core task during the detection and analysis phase of incident response. Chain of custody pertains to preserving evidence integrity; compensating controls are alternative security measures applied when primary controls are ineffective; and scope and impact analysis is performed later to measure how widely the incident has spread and what damage it caused. None of these terms describes the log artifact itself.