IOA (Indicators of Attack)

Definition

Indicators of Attack (IOA) are behavioral indicators signaling an attack in progress — unlike IOCs which detect attacks after the fact. IOAs enable security teams to stop attacks earlier.

IOCs are reactive: they detect known malware. IOAs are proactive: they recognize attack patterns regardless of the specific malware used.

Related terms

IOC (Indicator of Compromise) EDR (Endpoint Detection & Response) Threat Hunting
← Back to glossary