Understanding Indicators of Compromise (IR108)

11:00 AM EDT – 12:00 PM EDT
Location type
Event type

CISA is proud to offer the cybersecurity awareness webinar, Understanding Indicators of Compromise (IR108).

This webinar is intended for a non-technical audience and beginning incident responders.

Major cyber-attacks have made headlines for years and the pace of threat activity faced by government and private sector organizations is accelerating. Often, the most damaging attacks reported are traced to Advanced Persistent Threats (APTs): groups of sophisticated hackers who gain entry into an unauthorized system and remain undetected for extended periods of time, allowing them to surveil and gather information, test security, or execute malicious activity without tripping network defenses.

Indicators of Compromise (IOCs) are the digital and informational "clues" that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. This webinar provides an overview of IOCs for incident responders and those who work with them, introduces example scenarios and how IOCs can be used to trace activity and piece together a timeline of the threat, and discusses tools and frameworks to help incident responders use IOCs to detect, analyze, respond to, and report cyber threat activity.

Join us to learn the following information and more:

  • Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity.
  • Understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
  • Learn about the MITRE ATT&CK Framework and how it supports the analysis of IOCs, potential threat actors related to the activity and their associated strategies and tactics.
  • Introduce free CISA cybersecurity tools, services, and resources to help organizations further advance their cybersecurity capabilities.



  • Date: Tuesday, June 6, 2023
  • Time: 11 a.m. - noon EDT
  • Location: Online via Adobe Connect
  • CPE Credit: Participants can earn 1 CPE credit for attending this course.
  • Note: Audio is through Adobe Connect; there is no external dial-in.
  • Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.


If you require a reasonable accommodation to fully participate in this virtual event, please contact cyberinsights@cisa.dhs.gov at least five business days prior to the training with the type of support you need.