Indicators of Compromise, or IOCs, are key elements in blue team activities. IOCs are mainly small pieces of technical information that have been collected during investigations, threat hunting activities or malware analysis. About the last example, the malware analyst's goal is identify how the malware is behaving and how to indentify it.
Do you collect "Observables" or "IOCs"?, (Thu, Nov 10th)
This post was originally published on this site