When investigating, what is the best way to store a newly-found IOC?
In the context of an investigation, the best way to store a newly-found Indicator of Compromise (IOC) is to use a method that ensures it is properly catalogued and easily accessible for further analysis and tracking. While options like pasting it into Notepad or adding it in a text note might temporarily store the IOC, these methods lack the organization and structure needed in a rigorous investigative process. The option to 'Click the Add Artifact button' is most appropriate because an artifact repository is specifically designed to store, organize, and manage IOCs along with relevant metadata, which is crucial for thorough investigation and correlation with other data.
C is the correct answer. There is no button called Add IOC, so B is not correct.
C is the answer. I have not seen any button called ADD IOC.
C. Click the "Add Artifact" button.
D is the answer - Text note option
C is correct