2.2 Given a scenario, analyze indicators of compromise and formulate an appropriate response.

Indicators of compromise

 Packet capture (PCAP)

 Logs

  Network logs
  Vulnerability logs
  Operating system logs
  Access logs
  NetFlow logs

 Notifications

  FIM alerts
  SIEM alerts
  DLP alerts
  IDS/IPS alerts
  Antivirus alerts

 Notification severity/priorities

 Unusual process activity

Response

 Firewall rules

 IPS/IDS rules

 ACL rules

 Signature rules

 Behavior rules

 DLP rules

 Scripts/regular expressions