Indicators of Compromise (IoCs) and Their Role in Attack Defence

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Kirsty Paine , Ollie Whitehouse , James Sellwood , Andrew S
Last updated 2022-01-12
Replaced by draft-ietf-opsec-indicators-of-compromise
RFC stream (None)
Intended RFC status (None)
Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG state Replaced by draft-ietf-opsec-indicators-of-compromise
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active.


Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This draft reviews the fundamentals, opportunities, operational limitations, and best practices of IoC use. It highlights the need for IoCs to be detectable in implementations of Internet protocols, tools, and technologies - both for the IoCs' initial discovery and their use in detection - and provides a foundation for new approaches to operational challenges in network security.
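The abstract names three uses of IoCs (identify, trace, block) and the requirement that an IoC be observable in the protocol or system where it is sought. The following is an added example, not code from the draft or from the datatracker page, that shows the first two uses on constructed data: an IoC feed of one IP address, one domain and one file hash (illustrative values only: an RFC 5737 test address, an RFC 2606 example TLD and the SHA-256 of an empty file), and four constructed log records with hypothetical field names. The matcher classifies every field value, compares it against the indicator sets, and then pivots on shared IP addresses to find related records. The last record deliberately yields no hit: its destination is not in the feed and no domain is visible in it, so a domain IoC has nothing to match against, which is the detectability point the abstract makes.

```python
"""Minimal IoC matcher: identify indicator hits in log records, then pivot
to trace related activity. Example code; all data below is constructed."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed IoC feed (illustrative values only: RFC 5737 test address,
# RFC 2606 example TLD and the SHA-256 of an empty file). Not from the draft.
IOCS = {
    "ip": {"203.0.113.7"},
    "domain": {"bad.example"},
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Constructed log records with hypothetical field names: a firewall connection,
# a resolver query, an endpoint process event, and a second connection where
# no domain is observable (e.g. the name was resolved over an encrypted channel).
LOGS = [
    {"source": "fw", "ts": "2022-01-10T10:00:01Z", "src_ip": "192.0.2.10",
     "dst_ip": "203.0.113.7", "dst_port": 443},
    {"source": "dns", "ts": "2022-01-10T10:00:00Z", "client": "192.0.2.10",
     "qname": "bad.example", "answer": "203.0.113.7"},
    {"source": "edr", "ts": "2022-01-10T10:00:05Z", "host": "ws-01",
     "image": "C:\\Users\\a\\update.exe",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"source": "fw", "ts": "2022-01-10T10:02:30Z", "src_ip": "192.0.2.11",
     "dst_ip": "198.51.100.5", "dst_port": 443},
]

HEX64 = re.compile(r"[0-9a-f]{64}")
DOMAIN = re.compile(r"(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z]{2,63}")


def classify(value):
    """Map a raw field value to an (ioc_type, normalised_value) pair, or None
    if it is not an observable type we hold indicators for."""
    if not isinstance(value, str):
        return None
    v = value.strip().lower()
    try:
        return ("ip", str(ipaddress.ip_address(v)))
    except ValueError:
        pass
    if HEX64.fullmatch(v):
        return ("sha256", v)
    if DOMAIN.fullmatch(v):
        return ("domain", v)
    return None


@dataclass
class Hit:
    ioc_type: str
    value: str
    field_name: str
    record: dict


def match(records, iocs):
    """Identify: compare every observable in every record against the IoC sets."""
    hits = []
    for rec in records:
        for field_name, raw in rec.items():
            obs = classify(raw)
            if obs and obs[1] in iocs.get(obs[0], ()):
                hits.append(Hit(obs[0], obs[1], field_name, rec))
    return hits


def record_ips(rec):
    """All IP addresses observable in a record (used as pivot keys)."""
    return {obs[1] for obs in map(classify, rec.values()) if obs and obs[0] == "ip"}


def trace(hit_record, records):
    """Trace: return the other records sharing at least one IP with the hit record."""
    ips = record_ips(hit_record)
    return [r for r in records if r is not hit_record and record_ips(r) & ips]


if __name__ == "__main__":
    hits = match(LOGS, IOCS)
    for h in hits:
        print(f"{h.record['source']}: {h.ioc_type} IoC {h.value} seen in field {h.field_name}")
    for related in trace(hits[0].record, LOGS):
        print("related record:", related)
    # LOGS[3] produces no hit: the destination is not in the feed and the domain
    # behind the connection is not visible in the record, so a domain IoC cannot fire.
```

The classifier is type-driven rather than field-driven on purpose: indicator values turn up in different fields of different log sources (a resolver answer and a firewall destination carry the same IP), so matching on the observable type avoids per-source field mappings. Blocking, the third use in the abstract, is just the same `match` applied inline to a connection or file before it is allowed, and is not shown here.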

