Indicators of compromise (IOCs) are the pieces of evidence collected from host systems (e.g. laptops, servers, mobile phones), applications (e.g. databases), cloud-based capabilities, or the network when suspicious or malicious activity has been identified.

zvelo’s curated cyber threat intelligence data delivers rich metadata for highly contextualized IOCs and threat signals, which can be easily integrated into existing security tools and platforms (including SIEM, SOAR, EDR, MDR, XDR, etc.) for deeper analysis and enrichment by cyber defenders and threat analysts.

Common IOCs (listed in order from the easiest to assess to the most difficult) include file hashes, IP addresses, domain names, network/host artifacts, tools, and tactics, techniques, and procedures (TTPs). zvelo details how its threat detection feeds map to each of these IOCs within the Pyramid of Pain — a model cyber defenders use for Incident Response (IR) and threat hunting.