IOC indicators of compromise - indicating intrusion examples unusual amount of network traffic change to file hash values irregular intl traffic changes to DNS data uncommon login patterns spikes of read requests to certain files