Indicators
Mike Goffin edited this page Jun 4, 2014 · 1 revision
Indicators (or Indicators of Compromise, IoCs) are unique values that, when detected somewhere on your network, require some level of response. CRITs tries to provide as many capabilities as possible to tease out Indicators and add them to your instance quickly and easily.
When uploading an Indicator you can provide:
- Indicator Type: The CybOX Type associated with that Indicator.
- Value: The value of the Indicator.
- Confidence: How confident you are in this Indicator (and also the level of response necessary).
  - Unknown - the default value.
  - Benign - it has been determined this Indicator is nothing to be worried about.
  - Low - this is something to look out for, but it doesn't need immediate attention.
  - Medium - this is something to look out for and attend to as soon as possible.
  - High - this is really bad and everyone needs to drop what they are doing to respond.
- Impact: What level of impact this Indicator will have on your organization if it is detected (uses the same options as Confidence).
You can also attribute Campaigns and assign buckets or tickets to this Indicator.
You can adjust the Type, Confidence, and Impact after it is uploaded if needed.
Indicators come with a few other sections that are unique:
- Actions: Actions that you and your organization have taken to position yourselves for detection and response related to this Indicator. You can add Actions through the UI to customize this for your environment.
- Activity: Allows you to track instances of detecting this Indicator on your network.
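The fields above (Type, Value, Confidence, Impact, Actions, Activity) modelled as a small record, with a scan that logs an Activity entry whenever an Indicator value is sighted in constructed log lines. This is an added example, not CRITs code: the validator table, the `priority()` policy and the sample logs are assumptions made here for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):  # Confidence/Impact scale from the page; order reflects urgency
    UNKNOWN = 0
    BENIGN = 1
    LOW = 2
    MEDIUM = 3
    HIGH = 4

# Hypothetical per-type validators (names mimic CybOX types; not CRITs' own list).
VALIDATORS = {
    "Address - ipv4-addr": lambda v: ipaddress.ip_address(v).version == 4,
    "URI - Domain Name": lambda v: re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", v) is not None,
}

@dataclass
class Indicator:
    itype: str
    value: str
    confidence: Level = Level.UNKNOWN
    impact: Level = Level.UNKNOWN
    actions: list = field(default_factory=list)   # defensive steps already taken
    activity: list = field(default_factory=list)  # sightings on the network

    def __post_init__(self):
        # Reject values that do not parse as the declared type (unknown types also fail).
        try:
            ok = VALIDATORS[self.itype](self.value)
        except (KeyError, ValueError):
            ok = False
        if not ok:
            raise ValueError(f"{self.value!r} is not a valid {self.itype}")

    def priority(self) -> Level:
        """Assumed policy: Benign confidence means no response; else the higher of the two."""
        if self.confidence == Level.BENIGN:
            return Level.BENIGN
        return max(self.confidence, self.impact)

def scan(log_lines, indicators):
    """Append an Activity entry per sighting; token boundaries stop 10.0.0.1 matching 10.0.0.12."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for ind in indicators:
            if re.search(rf"(?<![\w.]){re.escape(ind.value)}(?![\w.])", line):
                ind.activity.append({"line": lineno, "text": line.strip()})
                hits.append((ind.value, ind.priority()))
    return hits
```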