Home
Jake Smith edited this page Jun 18, 2020 · 25 revisions
BLUESPAWN is an active defense and Endpoint Detection and Response (EDR) tool designed to be operated by a technical expert to detect, identify, and eliminate malicious activity on a Windows machine. It consists of a client with three modes:
- Hunt: actively hunts for malware on a Windows machine. Each hunt maps to a specific MITRE ATT&CK technique.
- Monitor: passively operates in the background and watches for suspicious activity. When something is detected, this mode launches a hunt.
- Mitigate: reduces the risk present on a Windows system by looking for weak security policies and settings, then helping an operator fix them.
Check out the following pages to learn more about BLUESPAWN!