{
  "draft": "draft-ietf-opsec-indicators-of-compromise-04",
  "doc_id": "RFC9424",
  "title": "Indicators of Compromise (IoCs) and Their Role in Attack Defence",
  "authors": [
    "K. Paine",
    "O. Whitehouse",
    "J. Sellwood",
    "A. Shaw"
  ],
  "format": [
    "XML",
    "TEXT",
    "HTML",
    "PDF"
  ],
  "page_count": "24",
  "pub_status": "INFORMATIONAL",
  "status": "INFORMATIONAL",
  "source": "Operational Security Capabilities for IP Network Infrastructure",
  "abstract": "Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints.  This document reviews the fundamentals, opportunities, operational limitations, and recommendations for IoC use.  It highlights the need for IoCs to be detectable in implementations of Internet protocols, tools, and technologies -- both for the IoCs' initial discovery and their use in detection -- and provides a foundation for approaches to operational challenges in network security.",
  "pub_date": "August 2023",
  "keywords": [
    "IOC",
    "Attack Defence"
  ],
  "obsoletes": [],
  "obsoleted_by": [],
  "updates": [],
  "updated_by": [],
  "see_also": [],
  "doi": "10.17487/RFC9424",
  "errata_url": "https://www.rfc-editor.org/errata/rfc9424"
}