Updated on June 22, 2026

IoC

An Indicator of Compromise is an observable artifact, such as a file hash, IP address, or domain name, that suggests a system or network may have been compromised by a security threat.

IoC stands for Indicator of Compromise. In cybersecurity, an IoC is a piece of forensic evidence, observed on a host or on the network, that suggests a system has been, or is being, compromised by a security threat. IoCs are typically extracted from past incidents and malware analysis, shared as threat intelligence, and then matched against logs, network traffic and endpoint telemetry to identify potential security incidents and to support their investigation and response. An IoC match is a signal that something deserves investigation, not proof of compromise on its own.

What are the different types of IoC?

There are many different types of IoCs, including:

  • File hashes: A file hash is a fixed-length digest (MD5, SHA-1 or SHA-256) computed over a file's contents; for practical purposes, two files with the same hash are the same file. If the hash of a file observed on an endpoint matches the hash of a known malware sample, it is an indicator of compromise. Hashes are precise but brittle: changing a single byte of the malware produces a different hash, so attackers can evade hash-based detection cheaply.
  • IP addresses: An IP address identifies a host on a network, though not uniquely (NAT, shared hosting and CDNs put many unrelated services behind one address). If a device is communicating with an IP address known to be associated with a malware command-and-control (C2) server, it is an indicator of compromise. Shared infrastructure is a common source of false positives, so IP indicators should carry context and a validity window.
  • Domain names: A domain name is a human-readable identifier for a website or other internet resource. If a device resolves or connects to a domain known to be used for malware command and control or phishing, it is an indicator of compromise. Matching should cover subdomains of the indicator, which the attacker also controls, without matching unrelated domains that merely share a suffix.
  • Registry keys: A registry key is a setting or configuration stored in the Windows registry. Malware commonly creates or modifies keys to persist, for example by adding itself to a Run key so it is launched at logon; a key path or value known from a malware family, or a key changed in an unusual way, is an indicator of compromise.
  • Network traffic patterns: Unusual patterns of network traffic, such as periodic beaconing to an external host or large amounts of data being sent to an external server, may be an indicator of compromise.
  • Unusual system behavior: Unusual behavior of a system, such as sustained high CPU usage, processes started from unexpected locations, or unusual network connections, may be an indicator of compromise. Behavioral indicators of this kind are less specific than atomic ones (hashes, IPs, domains) and usually need correlation with other evidence before they are acted on.

How are IoCs used for threat intelligence?

IoCs are a critical component of cyber threat intelligence (CTI). CTI is the process of gathering, analyzing, and disseminating information about potential or actual threats to an organization's systems or networks. IoCs are the most directly actionable output of that process: security teams use them to identify and investigate potential security incidents, and to support the response to those incidents.

IoC-based threat intelligence can be used in a number of ways, including:

  • Detection: IoCs can be used to detect potential security incidents by monitoring logs, network traffic and endpoint telemetry for the presence of known malicious artifacts, such as file hashes of known malware or known malicious IP addresses and domains.
  • Investigation: When a security incident is detected, IoCs linked to the same campaign or malware family tell the analyst what else to look for (related hashes, C2 infrastructure, persistence locations) and help reconstruct how the threat entered the network.
  • Response: IoCs can be used to contain and remediate a security incident: they feed blocklists on firewalls, proxies and DNS resolvers, drive quarantine rules in endpoint tooling, and are swept across the estate to find other affected hosts.
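As an added example (not code from this page or from Sekoia.io), the following Python script shows the detection use described above for the indicator types listed earlier: it normalises hash, IP and domain indicators and matches them against a few constructed key=value log lines (proxy, DNS and EDR events). The indicator values, log lines and field names are all constructed for the example; the IP is from the TEST-NET-3 documentation range and the domain uses the reserved .example TLD. It also handles two common pitfalls: a hash logged in a different letter case or malformed, and a domain (notevil-c2.example) that merely ends with the indicator's text but is not a subdomain of it.

```python
"""Minimal IoC matcher: normalises hash, IP and domain indicators and runs
them over constructed log lines. Added example, not Sekoia.io code."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed indicator set for the example. The IP is from the TEST-NET-3
# documentation range and the domain uses the reserved .example TLD, so
# neither is a real indicator.
IOCS = {
    "sha256": {"2f8a1c0b9d7e6f5a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d9e8f7a6b5c4d3e2f1a"},
    "ipv4": {"203.0.113.45"},
    "domain": {"evil-c2.example"},
}

# Constructed sample log lines in a simple key=value format (proxy, DNS and
# EDR events). Line 2 is a deliberate near-miss: "notevil-c2.example" must
# NOT match the "evil-c2.example" indicator. Line 5 carries a malformed hash.
SAMPLE_LOG = """\
proxy src=10.0.0.5 dst=203.0.113.45 host=cdn.evil-c2.example url=/update.bin
proxy src=10.0.0.7 dst=198.51.100.20 host=notevil-c2.example url=/
dns src=10.0.0.9 query=EVIL-C2.example.
edr endpoint=WS-042 path=C:\\Temp\\update.bin sha256=2F8A1C0B9D7E6F5A4B3C2D1E0F9A8B7C6D5E4F3A2B1C0D9E8F7A6B5C4D3E2F1A
edr endpoint=WS-043 path=C:\\Temp\\notes.txt sha256=aaaa
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
SHA256_RE = re.compile(r"[0-9a-f]{64}")
DOMAIN_FIELDS = {"host", "query", "domain"}   # fields holding a hostname
HASH_FIELDS = {"sha256"}                      # fields holding a file hash


@dataclass(frozen=True)
class Match:
    ioc_type: str
    indicator: str
    field: str
    source: str


def parse_line(line: str) -> dict:
    """Split 'source k=v k=v ...' into a dict; the source goes under '_source'."""
    source, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["_source"] = source
    return fields


def normalise_hash(value: str):
    """Lower-case a SHA-256 hex digest; return None if it is not one."""
    v = value.strip().lower()
    return v if SHA256_RE.fullmatch(v) else None


def normalise_domain(value: str) -> str:
    """Lower-case and drop the trailing dot of a fully qualified name."""
    return value.strip().lower().rstrip(".")


def domain_matches(observed: str, indicator: str) -> bool:
    """True when observed equals the indicator or is a subdomain of it.
    The '.' boundary is what keeps notevil-c2.example from matching."""
    observed, indicator = normalise_domain(observed), normalise_domain(indicator)
    return observed == indicator or observed.endswith("." + indicator)


def is_ipv4(value: str) -> bool:
    try:
        return ipaddress.ip_address(value).version == 4
    except ValueError:
        return False


def match_event(fields: dict, iocs: dict = IOCS) -> list:
    """Return every indicator hit in one parsed event."""
    hits = []
    source = fields.get("_source", "")
    for key, raw in fields.items():
        if key.startswith("_"):
            continue
        if key in HASH_FIELDS:
            digest = normalise_hash(raw)
            if digest and digest in iocs["sha256"]:
                hits.append(Match("sha256", digest, key, source))
        elif key in DOMAIN_FIELDS:
            for indicator in iocs["domain"]:
                if domain_matches(raw, indicator):
                    hits.append(Match("domain", indicator, key, source))
        elif is_ipv4(raw) and raw in iocs["ipv4"]:
            hits.append(Match("ipv4", raw, key, source))
    return hits


def scan(log_text: str, iocs: dict = IOCS) -> list:
    """Run the matcher over every non-empty line of a log."""
    matches = []
    for line in log_text.splitlines():
        if line.strip():
            matches.extend(match_event(parse_line(line), iocs))
    return matches


if __name__ == "__main__":
    for m in scan(SAMPLE_LOG):
        print(f"{m.source:5} {m.field:7} matched {m.ioc_type} indicator {m.indicator}")
```

Running the script reports four hits: the proxy destination IP and host on line 1, the DNS query on line 3 (matched despite upper case and the trailing dot), and the EDR hash on line 4 (matched despite upper case). The near-miss domain on line 2 and the malformed hash on line 5 produce nothing, which is the behaviour a production matcher must have to keep false positives down.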

How are IoCs used in Sekoia.io's SOC platform?

In Sekoia.io's SOC platform, IoCs play a crucial role in our Cyber Threat Intelligence (CTI) and detection capabilities. Our platform integrates millions of high-fidelity IoCs, derived from our extensive research and intelligence feeds, to provide comprehensive threat detection and response.

We are a cybersecurity software publisher. We provide SOC and MSSP teams with a turnkey operational security platform (SOC platform). Through our XDR platform, CTI tool and threat intelligence platform, we enable our users to neutralize cyber threats, regardless of the attack surface.