[OPSEC] RFC 9424 on Indicators of Compromise (IoCs) and Their Role in Attack Defence
rfc-editor@rfc-editor.org Sat, 12 August 2023 04:03 UTC
Return-Path: <wwwrun@rfcpa.amsl.com>
X-Original-To: opsec@ietfa.amsl.com
Delivered-To: opsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 307B1C1516E0; Fri, 11 Aug 2023 21:03:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.533
X-Spam-Level:
X-Spam-Status: No, score=0.533 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, SPF_HELO_SOFTFAIL=0.732, SPF_SOFTFAIL=0.665, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a7Oz9vL5fxtD; Fri, 11 Aug 2023 21:03:46 -0700 (PDT)
Received: from rfcpa.amsl.com (unknown [50.223.129.200]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81B1AC151554; Fri, 11 Aug 2023 21:03:46 -0700 (PDT)
Received: by rfcpa.amsl.com (Postfix, from userid 499) id 4D9F53E8AE; Fri, 11 Aug 2023 21:03:46 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, opsec@ietf.org
Content-type: text/plain; charset="UTF-8"
Message-Id: <20230812040346.4D9F53E8AE@rfcpa.amsl.com>
Date: Fri, 11 Aug 2023 21:03:46 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsec/oKmrL-fm45joyTD5p0q3ne4hgW8>
Subject: [OPSEC] RFC 9424 on Indicators of Compromise (IoCs) and Their Role in Attack Defence
X-BeenThere: opsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: opsec wg mailing list <opsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsec>, <mailto:opsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsec/>
List-Post: <mailto:opsec@ietf.org>
List-Help: <mailto:opsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsec>, <mailto:opsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Aug 2023 04:03:50 -0000
A new Request for Comments is now available in online RFC libraries. RFC 9424 Title: Indicators of Compromise (IoCs) and Their Role in Attack Defence Author: K. Paine, O. Whitehouse, J. Sellwood, A. Shaw Status: Informational Stream: IETF Date: August 2023 Mailbox: kirsty.ietf@gmail.com, ollie@binaryfirefly.com, james.sellwood.ietf@gmail.com, andrew.s2@ncsc.gov.uk Pages: 24 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-opsec-indicators-of-compromise-04.txt URL: https://www.rfc-editor.org/info/rfc9424 DOI: 10.17487/RFC9424 Cyber defenders frequently rely on Indicators of Compromise (IoCs) to identify, trace, and block malicious activity in networks or on endpoints. This document reviews the fundamentals, opportunities, operational limitations, and recommendations for IoC use. It highlights the need for IoCs to be detectable in implementations of Internet protocols, tools, and technologies -- both for the IoCs' initial discovery and their use in detection -- and provides a foundation for approaches to operational challenges in network security. This document is a product of the Operational Security Capabilities for IP Network Infrastructure Working Group of the IETF. INFORMATIONAL: This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC