What is an Indicator of Compromise (IOC)?
A piece of forensic evidence that suggests a system has been breached.
IOCs include malicious IPs, domains, file hashes, URLs, registry keys, and mutexes. Defenders ingest IOC feeds to detect and block known threats.
IOCs are reactive; behavioral indicators (TTPs) are more durable.
Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.