Mandiant introduces a Python API to create IOCs
Indicators of compromise (IOCs) are Mandiant's term for descriptions of the state of objects on a host (files, registry keys, log entries, etc.) that would indicate a compromise. They are definition based: an IOC is a written set of conditions over those objects, combined with AND/OR logic, rather than a captured sample of the malware itself.
I have not covered Mandiant's Redline previously; it collects a large amount of data about a workstation and then analyzes that data against IOC definitions. Since detection is only as good as the definitions it is given, being able to write new IOCs programmatically has a lot of value!
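To make the "definition based" point concrete, here is an added example that is not code from this post or from Mandiant's library: it builds an IOC in the OpenIOC 1.1 XML layout using only the Python standard library, then parses the document back the way a consumer such as Redline would and evaluates it against a few constructed FileItem records. The search terms used (FileItem/FileName, FileItem/FilePath, FileItem/Md5sum), the hashes and the host records are assumptions made for illustration. The definition is an OR of a known-bad hash and an AND of a file name plus path condition, which shows why a definition catches a renamed or relocated binary that a hash list alone would miss.

```python
"""Added example (not the post's or Mandiant's code): build an OpenIOC 1.1-style
definition with the standard library and evaluate it against collected host data.
Term names, hashes and host records below are constructed for illustration."""
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = "http://openioc.org/schemas/OpenIOC_1.1"

# Constructed FileItem records shaped like what a host collector gathers:
# keys are OpenIOC search terms, values the observed attributes.
HOST_FILES = [
    {"FileItem/FileName": "svchost.exe", "FileItem/Md5sum": "1" * 32,
     "FileItem/FilePath": "C:\\Windows\\System32\\svchost.exe"},   # legitimate
    {"FileItem/FileName": "svchost.exe", "FileItem/Md5sum": "4" * 32,
     "FileItem/FilePath": "C:\\Users\\Public\\svchost.exe"},       # masquerading
    {"FileItem/FileName": "updater.exe", "FileItem/Md5sum": "2" * 32,
     "FileItem/FilePath": "C:\\ProgramData\\updater.exe"},         # known-bad hash
]

# Criteria tree: ("AND"|"OR", [child, ...]); a leaf dict is one IndicatorItem.
# Reads as: known-bad hash  OR  (named svchost.exe AND located under \Users\).
EXAMPLE_CRITERIA = ("OR", [
    {"search": "FileItem/Md5sum", "condition": "is", "type": "md5", "content": "2" * 32},
    ("AND", [
        {"search": "FileItem/FileName", "condition": "is", "type": "string",
         "content": "svchost.exe"},
        {"search": "FileItem/FilePath", "condition": "contains", "type": "string",
         "content": "\\Users\\"},
    ]),
])

def build_ioc(short_desc, author, criteria):
    """Serialize a criteria tree into an OpenIOC 1.1 XML document string."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    root = ET.Element("OpenIOC", {"xmlns": NS, "id": str(uuid.uuid4()),
                                  "last-modified": now})
    meta = ET.SubElement(root, "metadata")
    ET.SubElement(meta, "short_description").text = short_desc
    ET.SubElement(meta, "authored_by").text = author
    ET.SubElement(meta, "authored_date").text = now
    _add_indicator(ET.SubElement(root, "criteria"), criteria)
    ET.SubElement(root, "parameters")
    return ET.tostring(root, encoding="unicode")

def _add_indicator(parent, node):
    """Emit <Indicator operator=...> with nested Indicator/IndicatorItem children."""
    operator, children = node
    ind = ET.SubElement(parent, "Indicator",
                        {"id": str(uuid.uuid4()), "operator": operator})
    for child in children:
        if isinstance(child, tuple):          # nested boolean group
            _add_indicator(ind, child)
            continue
        item = ET.SubElement(ind, "IndicatorItem",
                             {"id": str(uuid.uuid4()), "condition": child["condition"]})
        ET.SubElement(item, "Context", {"document": child["search"].split("/")[0],
                                        "search": child["search"], "type": "mir"})
        ET.SubElement(item, "Content", {"type": child["type"]}).text = child["content"]

def _local(el):
    return el.tag.rsplit("}", 1)[-1]   # drop the namespace that parsing xmlns adds

def _kids(el, name):
    return [c for c in el if _local(c) == name]

def _match_item(item, record):
    """Evaluate one IndicatorItem against one record (case-insensitive compare)."""
    search = _kids(item, "Context")[0].get("search")
    wanted = _kids(item, "Content")[0].text.lower()
    value = record.get(search)
    if value is None:                     # term was not collected for this record
        return False
    value, cond = value.lower(), item.get("condition")
    if cond == "is":
        return value == wanted
    if cond == "contains":
        return wanted in value
    raise ValueError(f"unsupported condition: {cond}")

def _match_indicator(ind, record):
    """Combine child results with the Indicator's AND/OR operator."""
    results = [_match_indicator(c, record) if _local(c) == "Indicator"
               else _match_item(c, record) for c in ind]
    return all(results) if ind.get("operator") == "AND" else any(results)

def evaluate_ioc(ioc_xml, records):
    """Parse the IOC as a consumer would and return the records that satisfy it."""
    root = ET.fromstring(ioc_xml)
    top = _kids(_kids(root, "criteria")[0], "Indicator")[0]
    return [r for r in records if _match_indicator(top, r)]

if __name__ == "__main__":
    ioc = build_ioc("Suspicious svchost.exe", "example analyst", EXAMPLE_CRITERIA)
    print(ioc)
    print([h["FileItem/FilePath"] for h in evaluate_ioc(ioc, HOST_FILES)])
```

Run stand-alone, the block prints the generated XML and then the two hits: the svchost.exe copy under C:\Users\Public (caught by the name-and-path clause even though its hash is unknown) and updater.exe (caught by the hash clause). The legitimate System32 copy matches the name but not the path, so the AND clause rejects it, which is the kind of precision a hash-only list cannot express. Only the "is" and "contains" conditions are implemented here; a real evaluator would need the remaining OpenIOC conditions and the negation flag.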