Threats, malware, and attack techniques

Indicators of Attack

Indicators of attack (IOA) are signs of a cyber attack against an organization’s systems or network. An important difference between an indicator of attack vs indicator of compromise is that an IOA focuses on identifying a cyber attack that is in progress, but an indicator of compromise relates to evidence that systems have already been compromised, such as discovering malware or the unauthorized transfer of data. Examples of IOAs include unusual network traffic and failed login attempts.