Indicators of Compromise (IOCs)

Files in OpenIOC format (an XML-based schema originally published by Mandiant) describe Indicators of Compromise (IOCs) identified on a host or network. IOCs give administrators and investigators a consistent way to describe, share and interpret threat data.

The Trend Micro Deep Discovery Endpoint Sensor product can run an impact assessment on an IOC file to determine which endpoints match the indicators it contains.

The following columns display information about IOC files:

Table 1. Indicators of Compromise (IOCs) Columns

Column Name: Information

File Name
  IOC file name. Clicking the file name opens a new window with the list of indicators in the file and marks which of them are supported. Unsupported indicators (indicator terms the product cannot evaluate) are grayed out and appear as strikethrough text.

Description
  Additional information about the IOC file.

Latest Investigation
  Status of the most recent impact assessment run on the IOC file. If you have run an impact assessment on the file, the following sub-columns show the status of that assessment:

  • Started: Date and time the assessment was started
  • Progress: Percentage of the assessment that has completed
  • Settings: Link to a new window with the IOC settings you specified before running the impact assessment
  • At Risk: Number of endpoints the assessment determined to be at risk. Clicking the number opens a new screen with additional tasks for endpoints that require mitigation. For details, see At-risk Endpoints.
  • Safe: Number of endpoints the assessment determined to be safe
  • Pending/With Issues: Number of endpoints that are still being assessed (pending) or that reported issues during assessment. Clicking the number opens a new screen with detailed status information. For details, see Pending Agents and Agents with Issues.
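The supported/unsupported split shown in the File Name window comes down to which indicator search terms the product can evaluate on an endpoint. The following Python script, added here as an illustration and not Trend Micro's code, parses an OpenIOC 1.0 file, walks its nested AND/OR Indicator blocks, and flags each IndicatorItem as supported or not. The OpenIOC sample is constructed for this example, and the SUPPORTED_TERMS set is an assumption made for illustration, not the list of terms Deep Discovery Endpoint Sensor actually supports.

```python
"""Parse an OpenIOC 1.0 file and list its indicator items.

Added example for this page; it is not Trend Micro code. The set of
search terms treated as "supported" below is an assumption made for
illustration, not the list Deep Discovery Endpoint Sensor supports.
"""
import xml.etree.ElementTree as ET

OPENIOC_NS = "http://schemas.mandiant.com/2010/ioc"

# Assumed for illustration: terms this hypothetical sensor can evaluate.
SUPPORTED_TERMS = {
    "FileItem/Md5sum",
    "FileItem/Sha1sum",
    "FileItem/FileName",
    "ProcessItem/name",
    "RegistryItem/Path",
}

# Constructed sample OpenIOC 1.0 document; the hash and names are placeholders.
SAMPLE_IOC = """<?xml version="1.0" encoding="utf-8"?>
<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="11111111-2222-3333-4444-555555555555" last-modified="2020-01-01T00:00:00">
  <short_description>Sample dropper</short_description>
  <description>Constructed indicator set used to illustrate parsing.</description>
  <definition>
    <Indicator operator="OR" id="a1">
      <IndicatorItem id="i1" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="a2">
        <IndicatorItem id="i2" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svch0st.exe</Content>
        </IndicatorItem>
        <IndicatorItem id="i3" condition="is">
          <Context document="Network" search="Network/DNS" type="mir"/>
          <Content type="string">example.invalid</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""


def _tag(name):
    """Qualify an element name with the OpenIOC namespace."""
    return "{%s}%s" % (OPENIOC_NS, name)


def parse_openioc(xml_text):
    """Return (metadata dict, list of item dicts).

    Each item records its id, search term, condition, content, the chain of
    logical operators above it (outermost first) and whether the search term
    is in SUPPORTED_TERMS.
    """
    root = ET.fromstring(xml_text)
    if root.tag != _tag("ioc"):
        raise ValueError("not an OpenIOC 1.0 document: root is %s" % root.tag)
    meta = {
        "id": root.get("id"),
        "short_description": (root.findtext(_tag("short_description")) or "").strip(),
        "description": (root.findtext(_tag("description")) or "").strip(),
    }
    items = []
    definition = root.find(_tag("definition"))
    if definition is None:
        return meta, items

    def walk(node, operators):
        # Recurse into nested Indicator blocks, carrying the operator chain.
        for child in node:
            if child.tag == _tag("Indicator"):
                walk(child, operators + [child.get("operator", "OR")])
            elif child.tag == _tag("IndicatorItem"):
                ctx = child.find(_tag("Context"))
                content = child.find(_tag("Content"))
                term = ctx.get("search") if ctx is not None else None
                items.append({
                    "id": child.get("id"),
                    "search": term,
                    "condition": child.get("condition"),
                    "content": (content.text or "").strip() if content is not None else "",
                    "operators": list(operators),
                    "supported": term in SUPPORTED_TERMS,
                })

    walk(definition, [])
    return meta, items


def summarize(items):
    """Count supported and unsupported items, as the file list window does."""
    supported = sum(1 for it in items if it["supported"])
    return {"supported": supported, "unsupported": len(items) - supported}


if __name__ == "__main__":
    meta, items = parse_openioc(SAMPLE_IOC)
    print(meta["short_description"], meta["id"])
    for it in items:
        flag = "  " if it["supported"] else "--"  # "--" marks an unsupported indicator
        print(flag, "/".join(it["operators"]), it["search"], it["condition"], it["content"])
    print(summarize(items))
```

Run it as a script to see the indicator list; the Network/DNS item in the sample is reported as unsupported, which is the situation the grayed-out, strikethrough entries in the File Name window represent. An operator reviewing an assessment should check that list first, because an IOC file whose key indicators are all unsupported tells you little about the endpoints regardless of the At Risk and Safe counts.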