
What are IOCs (Indicators of Compromise)?

Indicators of Compromise are observable artifacts — IP addresses, domain names, file hashes, registry keys, or behavioral patterns — that indicate a system has been compromised or is under active attack.


How IOCs (Indicators of Compromise) Work

IOCs are the forensic evidence left by threat actors. They fall into several categories:

Network IOCs: malicious IP addresses, C2 domain names, unusual DNS queries, beaconing patterns.
File IOCs: malware file hashes (MD5, SHA-256), known malicious filenames, suspicious file paths.
Host IOCs: registry modifications, scheduled tasks, unusual services, process injection artifacts.
Email IOCs: sender addresses, subject lines, attachment hashes, embedded URLs.

IOCs are consumed from threat intelligence feeds (STIX indicator objects, typically delivered over TAXII), shared within ISACs, published in vendor reports, and discovered during internal investigations. They are loaded into SIEM correlation rules and XDR detection logic so that observed events are matched against them automatically.

IOCs have a shelf life. Sophisticated actors rotate infrastructure frequently, making IP and domain IOCs ephemeral. File hashes are defeated by polymorphic malware, since any change to the file yields a new hash. Behavioral IOCs (TTPs) are more durable and harder for attackers to change.

IOCs (Indicators of Compromise) in SOC Operations

IOC matching is a fundamental SOC workflow. When investigating an alert, analysts check observed artifacts against threat intelligence databases. Finding a known-malicious hash or C2 domain confirms malicious activity and informs the response. SOCSimulator includes threat intelligence lookups in investigation workflows.
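The two sections above describe IOC categories, their shelf life, and the analyst workflow of matching observed artifacts against intelligence. The following is an added example (not SOCSimulator's code) that puts those pieces together in one small matcher: it normalises network and file indicators, drops indicators past their valid_until date, and checks constructed DNS, proxy and EDR log lines against them. The indicator fields, the key=value log format, and every IP, domain and hash are constructed sample values, not real intelligence.

```python
"""Minimal IOC matcher: normalise indicators, expire stale ones, and match
them against log artifacts.  Added example, not SOCSimulator's own code.
All indicators, log lines and timestamps below are constructed sample data."""
import re
from datetime import datetime, timezone

# Constructed hash used in both the indicator set and the EDR log line.
SAMPLE_HASH = "0123456789abcdef" * 4

# Constructed threat-intel records, shaped loosely after STIX indicator
# objects (a value plus a valid_until).  IPs are documentation ranges.
INDICATORS = [
    {"id": "ioc-1", "type": "ipv4", "value": "203.0.113.45",
     "valid_until": "2030-01-01T00:00:00Z", "label": "C2 server"},
    {"id": "ioc-2", "type": "domain", "value": "Update-Check.EXAMPLE.net",
     "valid_until": "2030-01-01T00:00:00Z", "label": "C2 domain"},
    {"id": "ioc-3", "type": "sha256", "value": SAMPLE_HASH,
     "valid_until": "2030-01-01T00:00:00Z", "label": "dropper"},
    # Expired: infrastructure the actor rotated away from (shelf life).
    {"id": "ioc-4", "type": "ipv4", "value": "198.51.100.7",
     "valid_until": "2020-01-01T00:00:00Z", "label": "rotated C2"},
]

# Constructed log lines in an assumed "<ts> <source> key=value ..." format.
SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z dns client=10.0.0.5 query=update-check.example.net. type=A",
    "2024-05-01T10:00:05Z proxy src=10.0.0.5 dst=203.0.113.45:443 method=CONNECT",
    f"2024-05-01T10:00:09Z edr host=WS-01 process=svchost.exe sha256={SAMPLE_HASH.upper()}",
    "2024-05-01T10:01:00Z dns client=10.0.0.7 query=www.example.org. type=A",
    "2024-05-01T10:02:00Z proxy src=10.0.0.9 dst=198.51.100.7:80 method=GET",
]

_KV = re.compile(r"(\w+)=(\S+)")
_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def normalise(ioc_type, value):
    """Canonical form so feed/log formatting quirks (case, trailing dot)
    do not cause a miss."""
    value = value.strip()
    if ioc_type == "domain":
        return value.lower().rstrip(".")
    if ioc_type == "sha256":
        return value.lower()
    return value


def parse_ts(text):
    """Parse the Zulu timestamps used in the sample data."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_index(indicators, now):
    """Map (type, normalised value) -> indicator, dropping expired ones."""
    index = {}
    for ioc in indicators:
        if parse_ts(ioc["valid_until"]) <= now:
            continue  # past its shelf life: do not alert on it
        index[(ioc["type"], normalise(ioc["type"], ioc["value"]))] = ioc
    return index


def extract_artifacts(line):
    """Pull candidate (type, value) artifacts out of one log line."""
    found = []
    for key, raw in _KV.findall(line):
        if key == "query":
            found.append(("domain", raw))
        elif key in ("src", "dst"):
            host = raw.rsplit(":", 1)[0] if raw.count(":") == 1 else raw
            if _IPV4.match(host):
                found.append(("ipv4", host))
        elif key == "sha256":
            found.append(("sha256", raw))
    return found


def match_logs(lines, indicators, now_iso):
    """Return one hit per (line, artifact) that matches a live indicator."""
    index = build_index(indicators, parse_ts(now_iso))
    hits = []
    for n, line in enumerate(lines, 1):
        for ioc_type, raw in extract_artifacts(line):
            ioc = index.get((ioc_type, normalise(ioc_type, raw)))
            if ioc:
                hits.append({"line": n, "type": ioc_type, "artifact": raw,
                             "indicator": ioc["id"], "label": ioc["label"]})
    return hits


if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOGS, INDICATORS, "2024-05-01T00:00:00Z"):
        print(hit)
```

Run as of May 2024, the matcher flags the DNS query, the proxy connection and the EDR process hash (lines 1 to 3) and stays silent on the benign lookup and on the connection to the expired indicator. Moving the evaluation date back before ioc-4's valid_until makes that fifth line fire as well, which is the shelf-life behaviour the section describes: an indicator that was correct when published becomes noise, or a false positive, once the actor rotates infrastructure.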

Practice IOCs (Indicators of Compromise) in a Real SOC

SOCSimulator provides hands-on training with realistic SIEM, XDR, and firewall interfaces. Build real analyst skills investigating IOC (Indicators of Compromise) scenarios with zero consequences, free forever.
