Re: [OPSEC] New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt

Ron Bonica <rbonica@juniper.net> Wed, 03 February 2021 19:33 UTC

From: Ron Bonica <rbonica@juniper.net>
To: "Nancy Cam-Winget (ncamwing)" <ncamwing=40cisco.com@dmarc.ietf.org>, Kirsty P <Kirsty.p@ncsc.gov.uk>, "opsec@ietf.org" <opsec@ietf.org>
CC: Ollie Whitehouse <ollie.whitehouse@nccgroup.com>
Date: Wed, 3 Feb 2021 19:33:26 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/UhEePiDiA868jleDVTql0vG59NM>

Thanks much!



Juniper Business Use Only
From: Nancy Cam-Winget (ncamwing) <ncamwing=40cisco.com@dmarc.ietf.org>
Sent: Wednesday, February 3, 2021 12:34 PM
To: Ron Bonica <rbonica@juniper.net>; Kirsty P <Kirsty.p@ncsc.gov.uk>; opsec@ietf.org
Cc: Ollie Whitehouse <ollie.whitehouse@nccgroup.com>
Subject: Re: [OPSEC] New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt

[External Email. Be cautious of content]

Hi Ron,
I can review it, but will not be able to get to it for a week if that's OK.....
Best, Nancy

From: OPSEC <opsec-bounces@ietf.org> on behalf of Ron Bonica <rbonica=40juniper.net@dmarc.ietf.org>
Date: Wednesday, February 3, 2021 at 9:04 AM
To: Kirsty P <Kirsty.p=40ncsc.gov.uk@dmarc.ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
Cc: Ollie Whitehouse <ollie.whitehouse@nccgroup.com>
Subject: Re: [OPSEC] New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt

Folks,

This appears to be a well-written draft that reflects current practice.

Could I ask for two volunteers to read and comment on the draft?

                                                           Ron




From: OPSEC <opsec-bounces@ietf.org> On Behalf Of Kirsty P
Sent: Tuesday, January 26, 2021 6:19 AM
To: opsec@ietf.org
Cc: Ollie Whitehouse <ollie.whitehouse@nccgroup.com>
Subject: [OPSEC] Fw: New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt

Hi OPSEC,

Please see below for details of our new draft on Indicators of Compromise (IoCs), updated based on previous comments. We think it might be suitable for OPSEC, but we'd like to hear your comments, discussion or feedback on this draft - please get in touch!

Kirsty & Ollie

________________________________
From: internet-drafts@ietf.org <internet-drafts@ietf.org>
Sent: 13 January 2021 17:44
To: Kirsty P <Kirsty.p@ncsc.gov.uk>; Kirsty P <Kirsty.p@ncsc.gov.uk>; Ollie Whitehouse <ollie.whitehouse@nccgroup.com>
Subject: New Version Notification for draft-paine-smart-indicators-of-compromise-02.txt


A new version of I-D, draft-paine-smart-indicators-of-compromise-02.txt
has been successfully submitted by Kirsty Paine and posted to the
IETF repository.

Name:           draft-paine-smart-indicators-of-compromise
Revision:       02
Title:          Indicators of Compromise (IoCs) and Their Role in Attack Defence
Document date:  2021-01-13
Group:          Individual Submission
Pages:          18
URL:            https://www.ietf.org/archive/id/draft-paine-smart-indicators-of-compromise-02.txt
Status:         https://datatracker.ietf.org/doc/draft-paine-smart-indicators-of-compromise/
Htmlized:       https://datatracker.ietf.org/doc/html/draft-paine-smart-indicators-of-compromise
Htmlized:       https://tools.ietf.org/html/draft-paine-smart-indicators-of-compromise-02
Diff:           https://www.ietf.org/rfcdiff?url2=draft-paine-smart-indicators-of-compromise-02

Abstract:
   Indicators of Compromise (IoCs) are an important technique in attack
   defence (often called cyber defence).  This document outlines the
   different types of IoC, their associated benefits and limitations,
   and discusses their effective use.  It also contextualises the role
   of IoCs in defending against attacks through describing a recent case
   study.  This draft does not pre-suppose where IoCs can be found or
   should be detected - as they can be discovered and deployed in
   networks, endpoints or elsewhere - rather, engineers should be aware
   that they need to be detectable (either by endpoints, security
   appliances or network-based defences, or ideally all) to be
   effective.  The purpose of this draft is to document both the
   operational issues, but also the best practices associated with use
   of IoCs today.  This draft provides a foundation for proposals for
   new approaches to operational challenges in network security.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
This information is exempt under the Freedom of Information Act 2000 (FOIA) and may be exempt under other UK information legislation. Refer any FOIA queries to ncscinfoleg@ncsc.gov.uk. All material is UK Crown Copyright (c)