What is an IOC
Indicators of Compromise, or IOCs for short, are pieces of information, such as URLs or email addresses, that indicate an event on a network or device. IOC data enables investigators to determine at an early stage if there is harmful activity on a network, such as a security breach or other suspicious incident. IOCs are sometimes referred to as observables.
The IOCs Panel is where you work with IOCs, either as a list you can filter and sort, or by viewing the details of a specific IOC. You access the IOCs panel by clicking the IOCs icon in the Navigation Bar.
The IOCs panel has two views, each with a separate purpose:
- List View: Displays a list of IOCs that match the current filters you have set. This is the default view for IOCs. You can always return to the list by clicking on the IOC icon in the Navigation Bar.
- Constellation View: Provides a detailed look at a selected IOC. To see an IOC in Constellation view, click on the highlighted title of the IOC in List View.
IOCs (also called observables) are the building blocks of CTI analysis and are critical to making accurate decisions throughout the investigative workflow, but effectively managing large numbers of IOCs can be a daunting challenge. TruSTAR streamlines IOC management throughout the entire workflow, with support for:
- Uploading up to 10,000 IOCs at a time, including additional context data
- Filtering of IOCs
- Deleting individual IOCs
- Exporting IOCs
FAQ for IOC Uploading