Getting Started with BLUESPAWN


Note! BLUESPAWN is under active alpha development, so many features may not work as expected yet, and detections may be too narrow in scope or generate many false positives.

Note 2! BLUESPAWN is meant to be run by a security professional in most cases and, as such, will sometimes flag non-malicious activity. While BLUESPAWN helps to quickly surface potentially bad things, it expects the user to use the available information to make the final determination.

  1. Download the latest release from this page
  2. Open an Administrative Command Prompt
  3. Run the following command to see the available options
    .\BLUESPAWN.exe --help

Mitigate Mode

  1. Run the following from your Administrative Command Prompt to audit your system for the presence of many security settings
    .\BLUESPAWN-client-x64.exe --mitigate=audit --log=console

    (Screenshot: BLUESPAWN in Action - Mitigate)

Hunt Mode

  1. Run BLUESPAWN from the Administrative Command Prompt to hunt for malicious activity on the system
    .\BLUESPAWN-client-x64.exe --hunt -l Cursory --log=console,xml --reaction=log

    (Screenshot: BLUESPAWN in Action - Hunt)
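As an added example (not part of the BLUESPAWN project itself), the following PowerShell script runs the Mitigate-mode audit and the Cursory hunt shown above from an elevated session, checks the elevation requirement up front, and keeps a timestamped copy of the console output for review. The binary path, output directory and file names are assumptions; only the flags that appear on this page are used.

```powershell
# Added example, not BLUESPAWN's own tooling: run the audit and the Cursory
# hunt from an Administrative PowerShell prompt and keep the console output.
$Exe    = ".\BLUESPAWN-client-x64.exe"   # assumed: release binary in the current directory
$OutDir = ".\bluespawn-output"           # assumed: directory for saved console logs

# Both modes are documented as requiring an Administrative prompt; stop early otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this script from an elevated (Administrator) prompt."
}
if (-not (Test-Path $Exe)) {
    throw "BLUESPAWN binary not found at $Exe"
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp = Get-Date -Format "yyyyMMdd-HHmmss"

# 1. Mitigate mode, audit only: report the presence of security settings.
#    Arguments are quoted so PowerShell passes each one through unchanged.
& $Exe "--mitigate=audit" "--log=console" 2>&1 |
    Tee-Object -FilePath (Join-Path $OutDir "mitigate-audit-$stamp.txt")

# 2. Hunt mode at the Cursory level with console and XML logging and the log reaction.
#    "--log=console,xml" must be quoted or PowerShell would split it at the comma.
& $Exe "--hunt" "-l" "Cursory" "--log=console,xml" "--reaction=log" 2>&1 |
    Tee-Object -FilePath (Join-Path $OutDir "hunt-cursory-$stamp.txt")

Write-Host "Output saved under $OutDir. Review the findings; BLUESPAWN leaves the final determination to the operator."
```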