Indicators of Compromise (IoCs) and Their Role in Attack Defence
draft-paine-smart-indicators-of-compromise-04
| Document | Type | Replaced Internet-Draft (individual) | |
|---|---|---|---|
| Authors | Kirsty Paine , Ollie Whitehouse , James Sellwood , Andrew S | ||
| Last updated | 2022-01-12 | ||
| Replaced by | draft-ietf-opsec-indicators-of-compromise | ||
| Stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
plain text
html
xml
htmlized
pdfized
bibtex
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-opsec-indicators-of-compromise | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
https://www.ietf.org/archive/id/draft-paine-smart-indicators-of-compromise-04.txt
Abstract
Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This draft reviews the fundamentals, opportunities, operational limitations, and best practices of IoC use. It highlights the need for IoCs to be detectable in implementations of Internet protocols, tools, and technologies - both for the IoCs' initial discovery and their use in detection - and provides a foundation for new approaches to operational challenges in network security.
Authors
Kirsty Paine
Ollie Whitehouse
James Sellwood
Andrew S
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)