During an investigation, a security analyst extracts several file hashes and suspicious IP addresses from the affected server's logs. Which term best describes these artifacts that the analyst will share with other teams to enable detection of the same threat in additional environments?
File hashes, malicious IP addresses, and similar forensic artifacts are called indicators of compromise (IOCs). IOCs are concrete pieces of evidence that a breach has occurred and, once cataloged, can be fed into SIEM, EDR, and threat-intelligence platforms to help other analysts recognize and block the same attack pattern. Indicators of attack describe precursors rather than confirmed breaches, threat-intelligence feeds are data sources rather than individual artifacts, and the cyber kill chain is a high-level framework for mapping attacker actions.