Blue Team

Blue Team

The group responsible for defending an enterprise's use of information systems by maintaining its security posture against a group of mock attackers (i.e., the Red Team). Typically the Blue Team and its supporters must defend against real or simulated attacks 1) over a significant period of time, 2) in a representative operational context (e.g., as part of an operational exercise), and 3) according to rules established and monitored with the help of a neutral group refereeing the simulation or exercise (i.e., the White Team).

Resources and Tools

• Open Source Security Guide

• DevSecOpsGuides

• Awesome Security

• SAAS Attacks

• Ports Database

Hardening

• Windows Hardening

• Linux Hardening Guide

• Awesome Security Hardening

Ransomware

• Ransomware live

• RansomWatch

• RansomFeed

• Scam Alert

Datasets

• Security Datasets

• Splunk Attack Data Repository

DMARC

• DMARC Tester 1

• DMARC Tester 2

DLP

• DLP Test