{"draft":"draft-ietf-opsec-indicators-of-compromise-04","doc_id":"RFC9424","title":"Indicators of Compromise (IoCs) and Their Role in Attack Defence","authors":["K. Paine","O. Whitehouse","J. Sellwood","A. Shaw"],"format":["HTML","TEXT","PDF","XML"],"page_count":"24","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"Operational Security Capabilities for IP Network Infrastructure","abstract":"Cyber defenders frequently rely on Indicators of Compromise (IoCs) to\r\nidentify, trace, and block malicious activity in networks or on\r\nendpoints. This document reviews the fundamentals, opportunities,\r\noperational limitations, and recommendations for IoC use. It\r\nhighlights the need for IoCs to be detectable in implementations of\r\nInternet protocols, tools, and technologies -- both for the IoCs'\r\ninitial discovery and their use in detection -- and provides a\r\nfoundation for approaches to operational challenges in network\r\nsecurity.","pub_date":"August 2023","keywords":["IOC","Attack Defence"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9424","errata_url":null}