IOC Enrichment
IOC enrichment augments a bare indicator — an IP, domain, or hash — with context such as risk score, confidence, categories, WHOIS, DNS, geolocation, and related infrastructure. Enrichment turns block/allow decisions into informed analyst and automation workflows.
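The following sketch is an added example, not code from this page or from any product it describes. It normalises a defanged indicator, classifies it as an IP, domain, or hash, merges context fields, and shows how two indicators that a bare blocklist would treat the same get different outcomes once enriched. The context table, field names, and thresholds are constructed assumptions standing in for real WHOIS, DNS, geolocation, and reputation sources.

```python
import ipaddress
import re

# Constructed sample context (assumption): stands in for real enrichment sources.
CONTEXT = {
    "203.0.113.7": {"risk_score": 92, "confidence": 0.9, "categories": ["c2"],
                    "geo": "ZZ", "related": ["bad.example"]},
    "bad.example": {"risk_score": 80, "confidence": 0.4, "categories": ["phishing"],
                    "whois_age_days": 3, "dns_a": ["203.0.113.7"]},
}
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

def refang(raw):
    """Undo common defanging (hxxp, [.]), drop scheme and path, lower-case."""
    s = raw.strip().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^hxxps?://|^https?://", "", s, flags=re.I)
    return s.split("/")[0].lower()

def classify(value):
    """Return 'ip', 'domain', a hash algorithm name, or 'unknown'."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-f]+", value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)]
    if re.fullmatch(r"(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}", value):
        return "domain"
    return "unknown"

def enrich(raw):
    """Turn a bare indicator into a record carrying its type and any known context."""
    value = refang(raw)
    record = {"indicator": value, "type": classify(value)}
    record.update(CONTEXT.get(value, {}))
    return record

def triage(record, block_at=75, min_confidence=0.7):
    """Hypothetical policy: block only high-risk, high-confidence indicators."""
    if "risk_score" not in record:
        return "no-context"   # nothing known: do not silently allow or block
    if record["risk_score"] >= block_at:
        return "block" if record["confidence"] >= min_confidence else "review"
    return "allow"

if __name__ == "__main__":
    for raw in ("203[.]0[.]113[.]7", "hxxp://bad[.]example/login",
                "d41d8cd98f00b204e9800998ecf8427e"):
        rec = enrich(raw)
        print(rec["indicator"], rec["type"], triage(rec))
```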
Frequently Asked Questions
What is IOC Enrichment?
IOC enrichment augments a bare indicator — an IP, domain, or hash — with context such as risk score, confidence, categories, WHOIS, DNS, geolocation, and related infrastructure. Enrichment turns block/allow decisions into informed analyst and automation workflows.
How is IOC Enrichment related to IOC (Indicator of Compromise)?
IOC enrichment takes an IOC (Indicator of Compromise) as its input and adds context to it; both are key concepts in threat intelligence. An Indicator of Compromise is a piece of forensic data — such as a malicious IP address, domain, URL, file hash, or email address — that signals a system has been compromised or attacked. Security teams use IOCs to detect, block, and investigate threats.