IOC (Indicator of Compromise)
An Indicator of Compromise is a piece of forensic data — such as a malicious IP address, domain, URL, file hash, or email address — that signals a system has been compromised or attacked. Security teams use IOCs to detect, block, and investigate threats.
Frequently Asked Questions
How is IOC (Indicator of Compromise) related to TTP (Tactics, Techniques, and Procedures)?
IOC (Indicator of Compromise) and TTP (Tactics, Techniques, and Procedures) are both key concepts in threat intelligence. TTPs describe the behavior of threat actors: the high-level goals they pursue (tactics), the specific methods they use to achieve those goals (techniques), and the detailed, repeatable actions that implement those methods (procedures). The MITRE ATT&CK framework catalogues TTPs used by real adversaries.