Which term denotes evidence suggesting a security breach has occurred?

Indicators of Compromise are concrete artifacts that signal a breach has already occurred. They are observable clues left by attackers or by the effects of their actions, such as known malware file hashes, malicious IP addresses or domains, unusual file or registry changes, or unexpected credential activity. Seeing these indicators allows security teams to confirm that a compromise happened and to guide containment, eradication, and recovery, as well as to hunt for other affected assets. Indicators of Attack describe suspicious behaviors that suggest an attack is in progress or being attempted; they’re useful for early detection before a breach is confirmed. XDR capabilities refer to a broader detection and response platform across multiple vectors, not a specific sign of a breach. WatchGuard Full Encryption is a security control that protects data, not evidence of a breach.