UnixTime

Research Note

EVID-0002 IOC Update Record

Record showing which indicators of compromise were received, assessed for relevance, and added to detection or blocking workflows.

On this page

Evidence Description

Record showing which indicators of compromise were received, assessed for relevance, and added to detection or blocking workflows.

What This Evidence Proves

This proves that threat intelligence is converted into operational detection inputs.

Source System

Security Operations Process

Collection Method

Ticket, detection repository, SIEM content change, or threat intelligence platform export.

Review Process

Reviewed monthly with threat intelligence review records.

Audit Notes

Strong evidence links the IOC to a source, relevance decision, action, date, and reviewer.

  • Evidence
  • Audit
  • Threat intelligence

Note Metadata

Aliases: EVID-0002

Source: 07-Evidence-Library/EVID-0002-IOC-Update-Record.md

Graph-sourced resources

Templates and evidence

Risk treatment artifacts

Risk records, mappings, and treatment-supporting references.