1. A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.
2. An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.
Source: Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS), https://niccs.us-cert.gov/about-niccs/glossary
3. A specific sequence of events indicative of an unauthorized access attempt. (SP 800-12) (NISTIR).
Source: The Cyber Glossary, National Security Archive, George Washington University, https://nsarchive.gwu.edu/news/cyber-vault/2018-09-19/cyber-glossary