// THREAT DETECTION AND DATA PRIVACY TERM
Indicator
An indicator is a piece of evidence on a computer or network that points to a potential security breach. It's like a digital footprint or clue suggesting malicious activity has occurred or is underway.
TECHNICAL DEFINITION
An indicator, often an Indicator of Compromise (IoC) or Indicator of Attack (IoA), is a technical artifact or observable event in an information system used by threat intelligence platforms and security information and event management (SIEM) systems to detect malicious activity. These observables include entities like file hashes (MD5, SHA256), malicious IP addresses, anomalous registry key changes, or specific network traffic patterns identified during forensic analysis or threat hunting.
BACKGROUND
In information security, threat hunting is the process of proactively searching for threats against computer systems in order to protect them. This is in contrast to traditional threat management measures, such as firewalls, intrusion detection systems (IDS), malware sandbox and SIEM systems, which typically involve an investigation of evidence-based data after there has been a warning of a potential threat. Threat analyst Lesley Carhart stated that there is no consensus amongst practitioners what threat hunting actually entails.
READ MORE ON WIKIPEDIASYNONYMS & ALIASES
- Indicator of Compromise
- IoC
- Indicator of Attack
- IoA
- Threat Artifact
- Cyber Observable
- Signature
USAGE NOTE
Indicators are fundamental data points used in threat intelligence feeds and detection rules to identify and respond to security incidents.
DEVELOPERS
Organizations developing technology related to Indicator.
A leading incident response and threat intelligence company that identifies, analyzes, and disseminates Indicators of Compromise (IOCs) discovered during investigations. Their Mandiant Advantage platform provides threat intelligence based on these indicators.
Develops the Falcon platform, an endpoint security solution that heavily utilizes both Indicators of Compromise (IOCs) and behavioral Indicators of Attack (IOAs) for real-time threat detection and prevention.
An intelligence company that provides a platform for collecting, processing, and analyzing vast amounts of data from the internet. It delivers context-rich indicators and threat intelligence to help organizations proactively block threats.
Through its Unit 42 threat research team and Cortex XDR platform, the company identifies and correlates indicators across network, endpoint, and cloud environments to detect sophisticated attacks.
Provides a Threat Intelligence Platform (TIP) that enables organizations to aggregate indicator feeds from numerous sources, enrich the data, and integrate it with security controls for automated threat detection and response.
A non-profit organization that develops key technologies and standards for the cybersecurity community, including STIX (a language for expressing threat indicators) and TAXII (a protocol for sharing them). Their ATT&CK framework provides context for behavioral indicators.
Offers a security information and event management (SIEM) platform used by organizations to ingest threat intelligence feeds containing indicators. The platform correlates these indicators against internal log and event data to identify security threats.
Develops a threat intelligence platform (TIP) and security operations platform designed to help teams manage, understand, and act upon threat data, including technical indicators like IP addresses, domains, and file hashes.