Indicator Aging
Indicator aging is the process of lowering the confidence of stale IOCs, or removing them from blocklists, as infrastructure is retaken, sinkholed, or reassigned. Without aging, blocklists accumulate false positives and block legitimate services on recycled IPs.
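One way to implement aging, shown as an added example that is not isMalicious's own code: confidence decays exponentially from the last malicious sighting, and entries known to be reclaimed are dropped at once. The half-lives, the removal threshold, the field names and the sample indicators are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed half-lives per indicator type (illustrative values, not from the page):
# IPs are recycled quickly, domains more slowly, file hashes almost never.
HALF_LIFE_DAYS = {"ip": 14, "domain": 60, "sha256": 3650}
REMOVE_BELOW = 0.30  # assumed cut-off for dropping an entry from the blocklist


@dataclass
class Indicator:
    value: str
    kind: str                # "ip", "domain" or "sha256"
    confidence: float        # confidence at last_seen, 0.0-1.0
    last_seen: datetime      # last time a source reported it as malicious
    reclaimed: bool = False  # known sinkholed, retaken or reassigned


def aged_confidence(ind: Indicator, now: datetime) -> float:
    """Exponentially decay confidence since the last malicious sighting."""
    if ind.reclaimed:
        return 0.0  # infrastructure is no longer attacker-controlled
    age_days = max((now - ind.last_seen).total_seconds() / 86400, 0.0)
    return ind.confidence * 0.5 ** (age_days / HALF_LIFE_DAYS[ind.kind])


def age_blocklist(entries, now):
    """Split entries into (keep, expire) lists of (value, aged score)."""
    keep, expire = [], []
    for ind in entries:
        score = round(aged_confidence(ind, now), 3)
        (keep if score >= REMOVE_BELOW else expire).append((ind.value, score))
    return keep, expire


# Constructed sample data (documentation address ranges and example domains).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    Indicator("203.0.113.10", "ip", 0.9, NOW - timedelta(days=3)),
    Indicator("198.51.100.7", "ip", 0.9, NOW - timedelta(days=42)),
    Indicator("bad.example", "domain", 0.8, NOW - timedelta(days=42)),
    Indicator("sink.example", "domain", 0.95, NOW - timedelta(days=1), reclaimed=True),
]

if __name__ == "__main__":
    keep, expire = age_blocklist(SAMPLE, NOW)
    print("keep:", keep)
    print("expire:", expire)
```

The IP and the domain last seen 42 days ago started at similar confidence, but only the IP expires, because its assumed half-life is shorter. A fresh sighting resets last_seen and restores the entry's full confidence.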
Frequently Asked Questions
How is Indicator Aging related to False Positives?
Indicator aging and false positives are both key concepts in threat intelligence. A false positive is a benign indicator incorrectly classified as malicious. High false positive rates waste analyst time and cause legitimate traffic to be blocked. isMalicious uses multi-source correlation and reliability weighting to keep false positives below 0.1% for high-confidence verdicts.