A threat hunting team received a new IoC from an ISAC that follows a threat actor's profile and activities. Which of the following should be updated NEXT?
Correct Answer: D
Examples of IoC:
* Unusual inbound and outbound network traffic
* Geographic irregularities, such as traffic from countries or locations where the organization does not have a presence
* Unknown applications within the system
* Unusual activity from administrator or privileged accounts, including requests for additional permissions
* An uptick in incorrect log-ins or access requests that may indicate brute force attacks
* Anomalous activity, such as an increase in database read volume
* Large numbers of requests for the same file
* Suspicious registry or system file changes
* Unusual Domain Name System (DNS) requests and registry configurations
* Unauthorized settings changes, including mobile device profiles
* Large amounts of compressed files or data bundles in incorrect or unexplained locations
Analysts then create custom rules for specific organizational needs to find out who is performing these actions.