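%% You should probably cite draft-ietf-opsec-indicators-of-compromise instead of this I-D.
%%
%% This entry pins revision 03 of an individual Internet-Draft. The note field
%% marks it as a work in progress, so check the datatracker URL below for the
%% document's current status before relying on it as a reference.
%%
%% Layout: the entry starts on its own line. In the collapsed form it shared a
%% line with the "%%" comment, and a parser that treats "%" as a
%% comment-to-end-of-line marker could skip the whole entry.
%% Title: only the acronym is brace-protected, so the bibliography style
%% decides the casing of the remaining words.
%% Authors: written as "Last, First" so name parsing is unambiguous.
@techreport{paine-smart-indicators-of-compromise-03,
  author      = {Paine, Kirsty and Whitehouse, Ollie and Sellwood, James},
  title       = {Indicators of Compromise ({IoCs}) and Their Role in Attack Defence},
  type        = {Internet-Draft},
  number      = {draft-paine-smart-indicators-of-compromise-03},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = jul,
  day         = 12,
  pagetotal   = 27,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-paine-smart-indicators-of-compromise/03/},
  abstract    = {Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This draft reviews the fundamentals, opportunities, operational limitations, and best practices of IoC use. It highlights the need for IoCs to be detectable in implementations of Internet protocols, tools, and technologies - both for the IoCs' initial discovery and their use in detection - and provides a foundation for new approaches to operational challenges in network security.},
}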