Educause Security Discussion mailing list archives

Re: what host-based data is collected?


From: "Bridges, Robert A." <bridgesra () ORNL GOV>
Date: Tue, 24 Apr 2018 15:59:14 +0000

Bill,
Thanks for the reply! I’m a data analytics researcher w/ a background in math. All that is to say, I need a little more detail to understand all you mentioned.

I’m not familiar w/ “RAT, recon, attack, takeover records”, nor “SNM, MIP traps”. Can you give me a bit more detail? As for the SS numbers, do you have a client that searches for PII on hosts and reports back?

Thanks again,
Bobby

--
Robert A. Bridges, PhD, Research Mathematician, Cyber & Information Science Research Group, Oak Ridge National Laboratory
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of William “Bill” Clark <wclark () WEBER EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Monday, April 23, 2018 at 4:31 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] what host-based data is collected?

All incoming and outgoing IP traffic for 3 months, RAT, recon, attack, and takeover records (security),
All students records (duh) eternity leaving through unearthed channels on the network along with a sprinkle of SS number and student, faculty/staff financial records (traps) 1GB circular.
Security events, SNM, MIP traps, etc. 250 Gig total.



On Apr 17, 2018, at 1:24 PM, Bridges, Robert A. <bridgesra () ORNL GOV> wrote:

Hi, I am a researcher at Oak Ridge National Laboratory and am performing research on security operations funded by IARPA. The goal is to survey security operators to inform what cyber research to pursue.
What host-based data does your security operation collect? How large is it? And for how long do you store it?
Thank you,
--
Robert A. Bridges, PhD, Research Mathematician, Cyber & Information Science Research Group, Oak Ridge National Laboratory

William “Bill” Clark
wclark () weber edu


WSU CISO

