Evidence Description
Record showing which indicators of compromise were received, assessed for relevance, and added to detection or blocking workflows.
What This Evidence Proves
This proves that threat intelligence is converted into operational detection inputs.
Related Controls
Related Risks
Source System
Security Operations Process
Collection Method
Ticket, detection repository, SIEM content change, or threat intelligence platform export.
Review Process
Reviewed monthly with threat intelligence review records.
Audit Notes
Strong evidence links the IOC to a source, relevance decision, action, date, and reviewer.
- Evidence
- Audit
- Threat intelligence
Note Metadata
Aliases: EVID-0002
Source: 07-Evidence-Library/EVID-0002-IOC-Update-Record.md
Graph-sourced resources
Templates and evidence
Risk treatment artifacts
Risk records, mappings, and treatment-supporting references.