
My SANS GCIA gold paper has been published! It was a lot of work, but I’m very excited about it. You can get the paper here and the software here.


Responding to incidents in an efficient manner is critical for all CIRTs. This paper presents a new open source tool for the enterprise. With this tool, responders will be able to detect incidents by applying anomaly detection to aggregated data collected from hosts. OHIDS includes a sensitive data finder to allow appropriate escalation of the incident. The software can also be used proactively, by removing SSNs and credit card data before incidents occur or by detecting unauthorized software running.


