Indicators of Compromise and Their Role in Attack Defence
RFC 9424, “Indicators of Compromise and Their Role in Attack Defence”, is an Informational document published in August 2023 by K. Paine, O. Whitehouse, J. Sellwood, and A. Shaw. The canonical text is published by the RFC Editor.
Abstract
Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This document reviews the fundamentals, opportunities, operational limitations, and recommendations for IoC use. It highlights the need for IoCs to be detectable in implementations of Internet protocols, tools, and technologies -- both for the IoCs' initial discovery and their use in detection -- and provides a foundation for approaches to operational challenges in network security.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9424 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.
- RFC 9425 JSON Meta Application Protocol for Quotas
- RFC 9426 BATched Sparse Coding Scheme for Multi-hop Data Transport
- RFC 9427 TLS-Based Extensible Authentication Protocol Types for Use with TLS 1.3
- RFC 9420 The Messaging Layer Security Protocol
- RFC 9428 Transmission of IPv6 Packets over Near Field Communication
- RFC 9419 Considerations on Application - Network Collaboration Using Path Signals
- RFC 9418 A YANG Data Model for Service Assurance
- RFC 9430 Extension of the Datagram Transport Layer Security Profile for Authentication and Authorization for Constrained Environments to Transport Layer Security