Incident Response

IOC

An Indicator of Compromise (IOC) is a piece of forensic data or an artifact that suggests a system may have been breached or is under attack. Common IOCs include malicious IP addresses, domain names, file hashes, registry keys, and unusual network traffic patterns. IOCs are shared among security teams through threat intelligence platforms and in the STIX format, usually transported over TAXII. While useful for detection, IOCs are reactive: they indicate a known attack that has already occurred somewhere.
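The following is an added example, not part of the original glossary entry: a small Python matcher that checks log lines against IP, domain and file-hash indicators, handling defanged values and subdomains. All indicator values, log lines and function names are constructed for illustration.

```python
import ipaddress
import re
IOCS = {  # constructed: documentation IP ranges, a .example domain, a dummy hash
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"bad-updates.example"},
    "sha256": {"a" * 64},
}
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")
SHA256_RE = re.compile(r"\b[a-f0-9]{64}\b")

def refang(text):
    """Lowercase and undo common defanging (hxxp, [.], (.), [dot])."""
    text = text.lower().replace("hxxp", "http")
    return re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text)

def domain_match(candidate, listed):
    """Return the listed domain that candidate equals or is a subdomain of."""
    labels = candidate.split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return next((s for s in suffixes if s in listed), None)

def scan_line(line, iocs=IOCS):
    """Return sorted (type, indicator) pairs found in one log line."""
    text = refang(line)
    hits = set()
    for raw in IP_RE.findall(text):
        try:
            ip = str(ipaddress.ip_address(raw))  # skips invalid octets like 999
        except ValueError:
            continue
        if ip in iocs["ip"]:
            hits.add(("ip", ip))
    for raw in DOMAIN_RE.findall(text):
        matched = domain_match(raw, iocs["domain"])
        if matched:
            hits.add(("domain", matched))
    hits.update(("sha256", h) for h in SHA256_RE.findall(text) if h in iocs["sha256"])
    return sorted(hits)

SAMPLE_LOG = [  # constructed log lines
    '203.0.113.45 - - [10/May/2024:10:01:22 +0000] "GET /login HTTP/1.1" 200 512',
    "dns query cdn.bad-updates[.]example from 10.0.0.12",
    "proxy GET hxxp://notbad-updates.example/a.js from 192.0.2.10",
    "edr file_write sha256=" + "a" * 64 + " src=198.51.100.7",
]
if __name__ == "__main__":
    for n, line in enumerate(SAMPLE_LOG, 1):
        print(n, scan_line(line))
```

Matching on whole domain labels avoids the false positive on `notbad-updates.example` that a plain substring search would produce.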

Why it matters for your website

  • Reduces mean time to respond (MTTR) and limits breach impact
  • Required by SOC 2, ISO 27001, HIPAA, and most enterprise frameworks
  • Organizations without IR plans face higher regulatory fines and recovery costs
