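%% You should probably cite draft-ietf-opsec-indicators-of-compromise instead of this I-D.
%%
%% Bibliographic record for revision -00 of the Internet-Draft named in the
%% `number` field, listed as a "Work in Progress" technical report.
%%
%% NOTE(review): the exported record carried `year = , month = , day = ,` with
%% no values. An empty bare field is a BibTeX syntax error, so the three fields
%% are dropped here to keep the file parseable. Add the publication date from
%% the datatracker page given in `url` before citing; `year` is a required
%% field for this entry type.
%%
%% The title was wrapped in double braces, which disables style-driven casing;
%% only the acronym is brace-protected now. Author names use the unambiguous
%% "Last, First" form.
@techreport{paine-smart-indicators-of-compromise-00,
  author      = {Paine, Kirsty and Whitehouse, Ollie},
  title       = {Indicators of Compromise ({IoCs}) and Their Role in Attack Defence},
  type        = {Internet-Draft},
  number      = {draft-paine-smart-indicators-of-compromise-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-paine-smart-indicators-of-compromise/00/},
  pagetotal   = 15,
  abstract    = {Indicators of Compromise (IoCs) are an important technique in attack defence (often called cyber defence). This document outlines the different types of IoC, their associated benefits and limitations, and discusses their effective use. It also contextualises the role of IoCs in defending against attacks through describing a recent case study. This draft does not pre-suppose where IoCs can be found or should be detected - as they can be discovered and deployed in networks, endpoints or elsewhere - rather, engineers should be aware that they need to be detectable (either by endpoint security appliances or network-based defences, or ideally both) to be effective.},
}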