• Pieces of forensic data that identify potentially malicious activity on a network or system
• Serves as digital evidence that a security breach has occurred

IoC includes the following

Account Lockouts

• Occurs when an account is locked due to multiple failed login attempts
• Indicates a potential brute force attack to gain access
• Balancing security with usability is crucial when implementing account lockout

Concurrent Session Usage

• Refers to multiple active sessions from a single user account
• Indicates a possible account compromise when the legitimate user is also logged in

Blocked Content

• Involves attempts to access or download content blocked by security protocols
• Suggests a user trying to access malicious content or an attacker attempting to steal data

Impossible Travel

• Detects logins from geographically distant locations within an unreasonably short timeframe
• Indicates a likely account compromise as a physical travel between these locations is impossible

Resource Consumption

• Unusual spikes in resource utilization
  • CPU
  • Memory
  • Network Bandwidth
• May indicate malware infections or Distributed Denial of Service (DDoS) attacks

Resource Inaccessibility