
IOA

Indicator of Attack

Definition

IOAs are behavioral patterns that indicate an attack in progress, rather than evidence of a past compromise. Unlike IOCs (which look for known-bad artifacts), IOAs detect suspicious sequences of actions — like a process spawning a shell, then enumerating users, then connecting to an external IP — regardless of the specific tools used.

Because it keys on behavior rather than known-bad artifacts, IOA-based detection is more effective than IOC matching against novel malware and living-off-the-land attacks.
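The sequence described above (shell spawn, then user enumeration, then an external connection) can be correlated per process tree. This is an added example, not code from this page or from any product. The event tuple layout, the shell and command lists, the internal ranges, the 60-second window, and all sample events are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Illustrative assumptions: shell names, enumeration commands, internal ranges, window.
SHELLS = {"cmd.exe", "powershell.exe", "bash", "sh"}
ENUM_CMDS = ("net user", "whoami", "cat /etc/passwd")
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW = 60  # max seconds from shell spawn to the outbound connection

# Constructed telemetry: (seconds, host, pid, ppid, image, cmdline, remote_ip)
EVENTS = [
    (0, "ws01", 410, 1, "winword.exe", "winword.exe report.docx", None),
    (5, "ws01", 500, 410, "cmd.exe", "cmd.exe", None),
    (9, "ws01", 501, 500, "net.exe", "net user", None),
    (14, "ws01", 502, 500, "curl.exe", "curl.exe", "203.0.113.7"),
    (20, "ws02", 710, 700, "cmd.exe", "cmd.exe", None),
    (25, "ws02", 711, 710, "net.exe", "net user", None),          # no connection follows
    (30, "ws03", 800, 1, "curl.exe", "curl.exe", "203.0.113.7"),  # no shell or enumeration first
    (40, "ws04", 900, 880, "powershell.exe", "powershell.exe", None),
    (44, "ws04", 901, 900, "whoami.exe", "whoami /all", None),
    (50, "ws04", 902, 900, "updater.exe", "updater.exe", "198.51.100.20"),  # other tools, same behavior
]

def is_external(ip):
    return ip is not None and not any(ip_address(ip) in net for net in INTERNAL)

def detect_ioa(events):
    """Return (host, shell_pid) for each tree doing shell -> user enum -> external connect, in order."""
    root = {}    # (host, pid) -> (host, shell_pid) owning that process
    state = {}   # (host, shell_pid) -> [stage, shell_start_time]
    alerts = []
    for ts, host, pid, ppid, image, cmdline, remote_ip in sorted(events, key=lambda e: e[0]):
        key = root.get((host, ppid))
        if key is None and image.lower() in SHELLS:
            key = (host, pid)
            state[key] = [1, ts]              # stage 1: shell spawned
        if key is None:
            continue                          # outside any tracked shell tree
        root[(host, pid)] = key
        stage, start = state[key]
        if ts - start > WINDOW:
            continue                          # sequence too slow to correlate
        if stage == 1 and cmdline.lower().startswith(ENUM_CMDS):
            state[key][0] = 2                 # stage 2: user enumeration
        elif stage == 2 and is_external(remote_ip):
            state[key][0] = 3                 # stage 3: outbound connection completes the pattern
            alerts.append(key)
    return alerts

if __name__ == "__main__":
    print(detect_ioa(EVENTS))
```

Only ws01 and ws04 alert: ws02 and ws03 each show one or two of the behaviors in isolation, which an artifact-free rule must tolerate to avoid flagging routine administration.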

