Getting Started with BLUESPAWN
Note! BLUESPAWN is under active alpha development, so many features may not work as expected yet, and detections may be too narrow in scope or generate many false positives.
Note 2! BLUESPAWN is meant to be run by a security professional in most cases and, as such, will sometimes detect on non-malicious activity. While BLUESPAWN helps to quickly surface potentially bad things, it expects the user to use the available information to make the final determination.
- Download the latest release from this page
- Open an Administrative Command Prompt
- Run the following command to see the available options
- Run the following from your Administrative Command Prompt to audit your system for the presence of many security settings

      .\BLUESPAWN-client-x64.exe --mitigate --action=audit

- Run BLUESPAWN from the Administrative Command Prompt to hunt for malicious activity on the system

      .\BLUESPAWN-client-x64.exe --hunt -a Cursory --log=console,xml

- Run BLUESPAWN from the Administrative Command Prompt to monitor for malicious activity on the system

      .\BLUESPAWN-client-x64.exe --monitor -a Cursory --log=console,xml
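The audit and hunt steps above are one-shot commands, so they are easy to wrap in a script that checks the prompt is elevated, runs them in order and keeps a timestamped copy of the console output for later review. The script below is an added example and is not part of BLUESPAWN or its documentation; it assumes the release binary sits in the current directory as `BLUESPAWN-client-x64.exe`, that the output folder name is arbitrary, and (labelled in the comments) that `--log=xml` writes an XML file into the working directory. The `--monitor` command is left out because it runs until interrupted.

```powershell
# Added example (not BLUESPAWN's own code): run the Getting Started audit and hunt
# steps from an elevated PowerShell prompt and keep the console output for review.
# Assumptions: the binary is in the current directory; the output folder name is ours.

$Binary = ".\BLUESPAWN-client-x64.exe"
$OutDir = Join-Path $PWD ("bluespawn-run-" + (Get-Date -Format "yyyyMMdd-HHmmss"))

# BLUESPAWN needs an administrative prompt; fail early if this session is not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script from an Administrative PowerShell prompt."
}
if (-not (Test-Path $Binary)) {
    throw "BLUESPAWN binary not found at $Binary; download the latest release first."
}
New-Item -ItemType Directory -Path $OutDir | Out-Null

# The step list mirrors the Getting Started commands: audit settings first, then hunt.
$steps = @(
    @{ Name = "audit"; Args = @("--mitigate", "--action=audit") },
    @{ Name = "hunt";  Args = @("--hunt", "-a", "Cursory", "--log=console,xml") }
)

foreach ($step in $steps) {
    $logFile = Join-Path $OutDir ("$($step.Name).txt")
    $argList = $step.Args
    Write-Host "[*] Running BLUESPAWN $($step.Name) ..."
    # Capture stdout and stderr together so detections and errors land in one file.
    & $Binary @argList 2>&1 | Tee-Object -FilePath $logFile
    Write-Host "[*] $($step.Name) finished with exit code $LASTEXITCODE; output in $logFile"
}

# Assumption: with --log=xml BLUESPAWN writes an XML log into the working directory.
# Move any XML files created during this run alongside the console captures.
Get-ChildItem -Path $PWD -Filter "*.xml" -File |
    Where-Object { $_.LastWriteTime -ge (Get-Item $OutDir).CreationTime } |
    Move-Item -Destination $OutDir

Write-Host "[+] Results collected in $OutDir. Review the hunt findings by hand:"
Write-Host "    BLUESPAWN also flags non-malicious activity, so each hit needs a human verdict."
```

Keeping the console capture and the XML log together per run gives a baseline to diff against after the next audit, which is the practical way to separate a known-benign finding from a new one on the same host.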