What are 'indicators of compromise' (IoCs)?

Prepare for the Security Incident Response (SIR) Test with flashcards and multiple choice questions. Each question provides hints and explanations to guide your study. Get ready to ace your exam!

Indicators of compromise (IoCs) are artifacts that provide evidence that a security breach has occurred. They can include various types of data, such as file hashes, IP addresses, URLs, or other attributes that signal that malicious activity has taken place within a system or network. By identifying and analyzing these indicators, security professionals can detect potential intrusions and respond appropriately to mitigate threats.

In the context of cybersecurity, IoCs serve as vital clues that guide incident response teams in investigating incidents and understanding the tactics used by attackers. They enable teams to correlate data across multiple sources and look for patterns that indicate a compromise, ultimately aiding in the process of securing the environment against future threats.

The other options, while related to the broader context of security and incident management, do not capture what IoCs specifically represent. Tools for evidence collection are important in the forensic process but are not indicators themselves. Reports generated after an incident reflect findings and conclusions, but they are not themselves indicators that a breach has occurred. Security training materials are essential for preparing personnel for potential threats but are not evidence of a security breach.
