[SANS ISC] Do you collect “Observables” or “IOCs”?

I published the following diary on isc.sans.edu: “Do you collect “Observables” or “IOCs”?“:

Indicators of Compromise, or IOCs, are key elements in blue team activities. IOCs are mainly small pieces of technical information that have been collected during investigations, threat hunting activities or malware analysis. About the last example, the malware analyst’s goal is identify how the malware is behaving and how to indentify it.

Most common IOCs are… [Read more]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.