What term describes artifacts and indicators that indicate a potential intrusion?

Indicators of Compromise describe artifacts and data that signal a system may have been breached. These IoCs include things like malware file hashes, unfamiliar IP addresses or domains contacting a host, unusual login patterns, and unexpected changes to files or registry keys. By collecting and analyzing IoCs, defenders can spot intrusions, investigate faster, and share findings to improve defenses. The other options point to specific attacker techniques or detection methods—data staging is about preparing data for exfiltration, a web shell is a backdoor tool used after access is gained, and DNS tunneling detection focuses on spotting a particular exfiltration method—none of which capture the broad set of warning signs that indicate a potential intrusion.