I published the following diary on isc.sans.edu: “Do you collect “Observables” or “IOCs”?“:
Indicators of Compromise, or IOCs, are key elements in blue team activities. IOCs are mainly small pieces of technical information that have been collected during investigations, threat hunting activities or malware analysis. About the last example, the malware analyst’s goal is identify how the malware is behaving and how to indentify it.
Most common IOCs are… [Read more]