Get Started with IOC

Built on our revolutionary Cloud Agent technology, Qualys Indication of Compromise (IOC) helps you continuously monitor endpoints for suspicious activity. To support investigation and response, IOC captures system activity to find indicators of compromise relating to malware and indicators of activity relating to threat actors. We'll help you get started quickly!

Start Here

Our tutorials will help you start investigating IOC incidents and events in minutes.

Install Cloud Agents (using the CA app)

Enable IOC in a CA Configuration Profile (using the CA app)

Check out IOC incidents and events

The IOC UI gives you the power and flexibility to search and filter incidents detected by IOC, as well as the system events and details provided by the Cloud Agent.

Investigation and response

Hunting tutorial

How to Search

Get alerts for events

Create rules to get alerts for events that you want to monitor closely.

Configure Rule Based Alerts for Events

Customizable dynamic dashboards

Dynamic dashboards help you visualize your IOC incidents and events and get up-to-date views of your assets in real time. Add widgets with your own search queries to easily track exactly what you're interested in.

Get Started Now!