ION28 BLUESPAWN issues - Githubissues

ION28 / BLUESPAWN

An Active Defense and EDR software to empower Blue Teams

GNU General Public License v3.0

1.23k stars 167 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Research possible integration of FireEye's capa into scan mode

#367 ION28 opened 4 years ago
0
v0.5.0-alpha Release Coordination

#366 ION28 closed 4 years ago
2
Client reduce false positives

#365 Jack-McDowell closed 4 years ago
0
Updates to testing to support subtechniques

#364 ION28 closed 4 years ago
3
Some bugfixes, and some refactoring

#363 Jack-McDowell closed 4 years ago
1
Add support for MITRE ATT&CK Subtechniques in BLUESPAWN

#362 ION28 closed 4 years ago
0
Tune PE-Sieve

#361 Jack-McDowell closed 4 years ago
0
Investigate log troubles

#360 Jack-McDowell closed 4 years ago
0
Migrate dependencies to forks we control or vcpkg

#359 Jack-McDowell closed 4 years ago
1
Integrate log analysis with active defense measures

#358 Jack-McDowell opened 4 years ago
0
Modify scan triggers for associativity scans

#357 Jack-McDowell closed 4 years ago
1
Better handling for unsigned non-executable files

#356 Jack-McDowell closed 4 years ago
1
Investigate "ghost" detections

#355 Jack-McDowell opened 4 years ago
0
Create mitigation to install Sysmon if not installed already

#354 ION28 opened 4 years ago
1
Add JSON log sink for Windows client

#353 ION28 closed 4 years ago
2
Massive overhaul to basically everything

#352 Jack-McDowell closed 4 years ago
4
Support for following .lnk files

#351 Jack-McDowell opened 4 years ago
0
Support new Mitre ATT&CK Sub-Technique numbering Scheme

#350 clr2of8 closed 4 years ago
4
Make MongoDB docker image

#349 CalvinKrist closed 4 years ago
1
Make Graylog Docker image

#348 CalvinKrist closed 4 years ago
0
Make server build script

#347 CalvinKrist closed 4 years ago
0
Client user rights assignment

#346 wtm99 closed 4 years ago
3
[server] refining ansible deploy script

#345 DavidSmith166 closed 4 years ago
0
Create Logstash First Launch configuration script

#344 CalvinKrist closed 4 years ago
0
Don't launch Kibana and Logstash until Elasticsearch has launched

#343 CalvinKrist closed 4 years ago
0
Modify configurePassword script to work in First Execution as Interactive

#342 CalvinKrist closed 4 years ago
0
Create First Execution Server Script

#341 CalvinKrist closed 4 years ago
0
Updating server branch with latest from master

#340 DavidSmith166 closed 4 years ago
0
Pull in master README update to develop

#339 ION28 closed 4 years ago
0
Configure Logstash to properly handle BLUESPAWN logs

#338 CalvinKrist closed 4 years ago
0
Configure Filebeats to forward BLUESPAWN logs to Logstash

#337 CalvinKrist closed 4 years ago
0
Create GUI mechanisms to auto-install agents and beats

#336 CalvinKrist closed 4 years ago
0
Integrate Beats into Ansible installation

#335 CalvinKrist closed 4 years ago
0
Configure Filebeats and Winlogbeats to use SSL to talk with Logstash

#334 CalvinKrist closed 4 years ago
0
Add Logstash server with SSL certificates

#333 CalvinKrist closed 4 years ago
0
Develop Ansible Playbooks for install BLUESPAWN and Beats

#332 CalvinKrist closed 4 years ago
0
Add file MAC times to Detections

#331 ION28 closed 4 years ago
0
Client bugfixes

#330 Jack-McDowell closed 4 years ago
0
Merge of develop into master for v0.4.4-alpha Release

#329 ION28 closed 4 years ago
0
Fix bugs in wrappers; add support for cobalt strike beacon detection …

#328 Jack-McDowell closed 4 years ago
0
Tuning YARA rules from public repos

#327 ION28 closed 4 years ago
0
Wrap monitor callbacks and hunts in SEH to prevent a crash from takin…

#326 Jack-McDowell closed 4 years ago
0
Various updates across all hunts

#325 ION28 closed 4 years ago
0
Client lolbins

#324 Jack-McDowell closed 4 years ago
1
Update M1028-WFW to check MpsSvc Service

#323 ION28 closed 4 years ago
0
Client hunt sip

#322 Jack-McDowell closed 4 years ago
1
Add basic FW mitigations, Command Line logging

#321 ION28 closed 4 years ago
1
Add initial version of hunt for T1068 and add hunt for T1013

#320 ION28 closed 4 years ago
0
Add detection for CLSID hijacking. Also add support for checking if a…

#319 Jack-McDowell closed 4 years ago
1
T1054 - PowerShell Profiles

#318 ION28 closed 4 years ago
0

Previous Next