ION28 / BLUESPAWN
An Active Defense and EDR software to empower Blue Teams
GNU General Public License v3.0
1.23k stars
167 forks
Research possible integration of FireEye's capa into scan mode
#367
ION28
opened
4 years ago
0
v0.5.0-alpha Release Coordination
#366
ION28
closed
4 years ago
2
Client reduce false positives
#365
Jack-McDowell
closed
4 years ago
0
Updates to testing to support subtechniques
#364
ION28
closed
4 years ago
3
Some bugfixes, and some refactoring
#363
Jack-McDowell
closed
4 years ago
1
Add support for MITRE ATT&CK Subtechniques in BLUESPAWN
#362
ION28
closed
4 years ago
0
Tune PE-Sieve
#361
Jack-McDowell
closed
4 years ago
0
Investigate log troubles
#360
Jack-McDowell
closed
4 years ago
0
Migrate dependencies to forks we control or vcpkg
#359
Jack-McDowell
closed
4 years ago
1
Integrate log analysis with active defense measures
#358
Jack-McDowell
opened
4 years ago
0
Modify scan triggers for associativity scans
#357
Jack-McDowell
closed
4 years ago
1
Better handling for unsigned non-executable files
#356
Jack-McDowell
closed
4 years ago
1
Investigate "ghost" detections
#355
Jack-McDowell
opened
4 years ago
0
Create mitigation to install Sysmon if not installed already
#354
ION28
opened
4 years ago
1
Add JSON log sink for Windows client
#353
ION28
closed
4 years ago
2
Massive overhaul to basically everything
#352
Jack-McDowell
closed
4 years ago
4
Support for following .lnk files
#351
Jack-McDowell
opened
4 years ago
0
Support new Mitre ATT&CK Sub-Technique numbering Scheme
#350
clr2of8
closed
4 years ago
4
Make MongoDB docker image
#349
CalvinKrist
closed
4 years ago
1
Make Graylog Docker image
#348
CalvinKrist
closed
4 years ago
0
Make server build script
#347
CalvinKrist
closed
4 years ago
0
Client user rights assignment
#346
wtm99
closed
4 years ago
3
[server] refining ansible deploy script
#345
DavidSmith166
closed
4 years ago
0
Create Logstash First Launch configuration script
#344
CalvinKrist
closed
4 years ago
0
Don't launch Kibana and Logstash until Elasticsearch has launched
#343
CalvinKrist
closed
4 years ago
0
Modify configurePassword script to work in First Execution as Interactive
#342
CalvinKrist
closed
4 years ago
0
Create First Execution Server Script
#341
CalvinKrist
closed
4 years ago
0
Updating server branch with latest from master
#340
DavidSmith166
closed
4 years ago
0
Pull in master README update to develop
#339
ION28
closed
4 years ago
0
Configure Logstash to properly handle BLUESPAWN logs
#338
CalvinKrist
closed
4 years ago
0
Configure Filebeats to forward BLUESPAWN logs to Logstash
#337
CalvinKrist
closed
4 years ago
0
Create GUI mechanisms to auto-install agents and beats
#336
CalvinKrist
closed
4 years ago
0
Integrate Beats into Ansible installation
#335
CalvinKrist
closed
4 years ago
0
Configure Filebeats and Winlogbeats to use SSL to talk with Logstash
#334
CalvinKrist
closed
4 years ago
0
Add Logstash server with SSL certificates
#333
CalvinKrist
closed
4 years ago
0
Develop Ansible Playbooks for install BLUESPAWN and Beats
#332
CalvinKrist
closed
4 years ago
0
Add file MAC times to Detections
#331
ION28
closed
4 years ago
0
Client bugfixes
#330
Jack-McDowell
closed
4 years ago
0
Merge of develop into master for v0.4.4-alpha Release
#329
ION28
closed
4 years ago
0
Fix bugs in wrappers; add support for cobalt strike beacon detection …
#328
Jack-McDowell
closed
4 years ago
0
Tuning YARA rules from public repos
#327
ION28
closed
4 years ago
0
Wrap monitor callbacks and hunts in SEH to prevent a crash from takin…
#326
Jack-McDowell
closed
4 years ago
0
Various updates across all hunts
#325
ION28
closed
4 years ago
0
Client lolbins
#324
Jack-McDowell
closed
4 years ago
1
Update M1028-WFW to check MpsSvc Service
#323
ION28
closed
4 years ago
0
Client hunt sip
#322
Jack-McDowell
closed
4 years ago
1
Add basic FW mitigations, Command Line logging
#321
ION28
closed
4 years ago
1
Add initial version of hunt for T1068 and add hunt for T1013
#320
ION28
closed
4 years ago
0
Add detection for CLSID hijacking. Also add support for checking if a…
#319
Jack-McDowell
closed
4 years ago
1
T1054 - PowerShell Profiles
#318
ION28
closed
4 years ago
0