IOC: Indicator of Compromise in Cybersecurity
IOC stands for Indicator of Compromise. An IOC is an artifact observed on a host or network that indicates, with high confidence, that an intrusion has taken place: a piece of forensic evidence left behind by attacker activity. Common IOCs include attacker IP addresses, domain names and URLs, hashes of malicious files, file paths and names, and registry key modifications.
How IOC Is Used in Cybersecurity
Threat intelligence analysts collect IOCs and share them in the STIX format, typically over the TAXII transport protocol or through a threat intelligence platform. SOC analysts match IOCs against SIEM and EDR telemetry (network connections, DNS queries, file hashes) to identify compromised assets. Incident responders use IOCs to scope an intrusion: every host that has contacted the attacker's infrastructure or executed a known-bad file is added to the list of affected systems. One caveat: IOCs are atomic and perishable. An attacker can rotate an IP address or recompile a file to change its hash at almost no cost, so IOC matching needs fresh feeds and should be paired with behaviour-based detections rather than relied on alone.
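The workflow above, as an added example that is not part of the original glossary entry: a small STIX 2.1 indicator bundle is parsed into an IOC index, matched against EDR and network telemetry, and the hits are collapsed into the list of hosts a responder must scope. The bundle, the indicator names and IDs, and the JSON telemetry lines are all constructed sample data, and the field names (`dst_ip`, `query`, `sha256`) are assumed log schema, not any particular product's format.

```python
"""Match STIX 2.1 indicator IOCs against host/network telemetry (added example)."""
import json
import re
from collections import defaultdict

# Constructed STIX 2.1 bundle with three atomic indicators (sample data, not a real feed).
STIX_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-00000000000a",
         "name": "C2 server (sample)", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.10']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-00000000000b",
         "name": "Staging domain (sample)", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update-check.example']"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--00000000-0000-4000-8000-00000000000c",
         "name": "Dropper (sample)", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = "
                    "'9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08']"},
    ],
}

# Constructed EDR/network telemetry, one JSON event per line (sample data, assumed schema).
TELEMETRY = r'''
{"ts":"2024-05-01T10:00:01Z","host":"ws-017","event":"net_conn","dst_ip":"203.0.113.10","dst_port":443}
{"ts":"2024-05-01T10:00:02Z","host":"ws-017","event":"dns_query","query":"UPDATE-CHECK.example."}
{"ts":"2024-05-01T10:01:30Z","host":"srv-db-02","event":"net_conn","dst_ip":"203.0.113.1","dst_port":443}
{"ts":"2024-05-01T10:02:00Z","host":"ws-042","event":"file_create","path":"C:\\Users\\Public\\svc.exe","sha256":"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08"}
{"ts":"2024-05-01T10:03:00Z","host":"ws-099","event":"net_conn","dst_ip":"198.51.100.7","dst_port":80}
'''.strip().splitlines()

# Maps a STIX (object type, property path) to the kind of observable our telemetry carries.
STIX_TO_KIND = {
    ("ipv4-addr", "value"): "ip",
    ("domain-name", "value"): "domain",
    ("file", "hashes.'SHA-256'"): "sha256",
}

# One comparison inside a STIX pattern:  <type>:<path> = '<value>'
_COMPARISON = re.compile(r"([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'")


def normalize(kind, value):
    """Canonicalise an observable so feed and telemetry spellings compare equal."""
    value = value.strip().lower()
    if kind == "domain":
        value = value.rstrip(".")  # DNS logs often keep the trailing root dot
    return value


def parse_indicators(bundle):
    """Return {(kind, value): indicator name} for every supported comparison in the bundle."""
    index = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        for obj_type, path, value in _COMPARISON.findall(obj["pattern"]):
            kind = STIX_TO_KIND.get((obj_type, path))
            if kind is None:
                continue  # property we do not log (e.g. url:value): skip rather than guess
            index[(kind, normalize(kind, value))] = obj["name"]
    return index


def extract_observables(event):
    """Pull the atomic observables an event carries, as (kind, normalised value) pairs."""
    found = []
    if "dst_ip" in event:
        found.append(("ip", normalize("ip", event["dst_ip"])))
    if "query" in event:
        found.append(("domain", normalize("domain", event["query"])))
    if "sha256" in event:
        found.append(("sha256", normalize("sha256", event["sha256"])))
    return found


def match_telemetry(index, lines):
    """Exact-match every observable of every event against the IOC index.

    Exact rather than substring matching matters: 203.0.113.1 must not hit on 203.0.113.10.
    """
    hits = []
    for line in lines:
        event = json.loads(line)
        for kind, value in extract_observables(event):
            name = index.get((kind, value))
            if name is not None:
                hits.append({"ts": event["ts"], "host": event["host"],
                             "indicator": name, "kind": kind, "value": value})
    return hits


def scope_hosts(hits):
    """Collapse hits into {host: [indicator names]}: the assets a responder must now examine."""
    by_host = defaultdict(set)
    for hit in hits:
        by_host[hit["host"]].add(hit["indicator"])
    return {host: sorted(names) for host, names in sorted(by_host.items())}


if __name__ == "__main__":
    ioc_index = parse_indicators(STIX_BUNDLE)
    for hit in match_telemetry(ioc_index, TELEMETRY):
        print(f"{hit['ts']} {hit['host']:<10} {hit['kind']:<7} {hit['value']}  <- {hit['indicator']}")
    print("Scope:", scope_hosts(match_telemetry(ioc_index, TELEMETRY)))
```

Two details carry most of the value here. Normalisation (lower-casing, stripping the trailing DNS dot) is what stops a feed entry from silently missing a differently spelled log value, and exact lookup on the full observable is what keeps the near-miss host `srv-db-02` out of the scope list.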
Definitions are original explanations written for career development purposes. For authoritative technical definitions, refer to NIST, ISO, or the relevant standards body.