Blue team (computer security)

As part of the United States computer security defense initiative, red teams were developed to emulate the malicious entities that would do an organization harm.[1]

Some blue team objectives include:

If an incident does occur within the organization, the blue team will perform the following six steps to handle the situation:[3]

In preparation for a computer security incident, the blue team applies hardening techniques to all operating systems throughout the organization: removing insecure defaults, disabling services that are not needed, and keeping the remaining configuration at a known baseline so that an attacker who reaches a host finds as little to work with as possible.
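The hardening step above is easiest to see on one concrete service. The following is an added example, not code from the page: it audits an OpenSSH `sshd_config` against a small baseline and rewrites the file to comply. The baseline values, the `audit`/`harden` function names and `SAMPLE_CONFIG` are assumptions constructed for illustration; the parsing rule that sshd honours only the first occurrence of a directive is real sshd behaviour.

```python
"""Audit a host's sshd_config against a hardening baseline and rewrite it to comply.

Added example; not code from the page. The baseline values are assumptions chosen for
illustration, and SAMPLE_CONFIG is a constructed file, not one taken from a real host.
"""
import re

# Assumed baseline: directive name -> required value. sshd directive names are
# case-insensitive, so all lookups go through lower-cased keys.
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PermitEmptyPasswords": "no",
    "X11Forwarding": "no",
    "MaxAuthTries": "4",
}

# Constructed sample with the permissive settings a default install can carry,
# a commented-out directive (no effect) and a duplicate (sshd ignores the second).
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
X11Forwarding yes
MaxAuthTries 6
MaxAuthTries 3
"""

_DIRECTIVE_RE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s+|\s*=\s*)(.+?)\s*$")


def directive(line):
    """Return (name, value) for an effective line, or None for comments/blank lines."""
    code = line.split("#", 1)[0]
    m = _DIRECTIVE_RE.match(code)
    return (m.group(1), m.group(2)) if m else None


def parse_sshd_config(text):
    """Map lower-cased directive name -> value.

    sshd honours the first occurrence of a directive, so later duplicates are ignored.
    """
    settings = {}
    for line in text.splitlines():
        d = directive(line)
        if d:
            settings.setdefault(d[0].lower(), d[1])
    return settings


def audit(text, baseline=BASELINE):
    """Return (directive, found, required) for every baseline directive not satisfied.

    A missing directive is reported with found=None: sshd's compiled-in default then
    applies, which for PasswordAuthentication is 'yes', so absence is itself a finding.
    """
    settings = parse_sshd_config(text)
    findings = []
    for name, required in baseline.items():
        found = settings.get(name.lower())
        if found is None or found.lower() != required.lower():
            findings.append((name, found, required))
    return findings


def harden(text, baseline=BASELINE):
    """Rewrite text so every baseline directive holds.

    The first occurrence of a governed directive is replaced in place, later duplicates
    are dropped (sshd would ignore them, but they mislead reviewers), and directives
    that were absent are appended. Comment lines are preserved untouched.
    """
    lower = {name.lower(): (name, value) for name, value in baseline.items()}
    out, seen = [], set()
    for line in text.splitlines():
        d = directive(line)
        key = d[0].lower() if d else None
        if key in lower:
            if key not in seen:
                out.append(f"{lower[key][0]} {lower[key][1]}")
                seen.add(key)
            continue
        out.append(line)
    for key, (name, value) in lower.items():
        if key not in seen:
            out.append(f"{name} {value}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for name, found, required in audit(SAMPLE_CONFIG):
        print(f"{name}: found {found!r}, required {required!r}")
    print(harden(SAMPLE_CONFIG))
```

Run against the constructed sample, `audit` reports five findings, including the two directives that are simply absent; `harden` fixes them in place and the re-audit comes back empty. The same shape (parse, compare to baseline, emit the corrected configuration) carries over to sysctl settings, service unit files and similar per-host hardening targets.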

The blue team must always be mindful of the network perimeter, including traffic flow, packet filtering, proxy firewalls, and intrusion detection systems.[5]

Blue teams employ a wide range of tools that let them detect an attack, collect forensic data, perform data analysis, and make changes to thwart future attacks and mitigate threats.[5]

Such tooling also draws on data sources outside the network, including threat intelligence in the form of indicators of compromise (IoCs): attacker IP addresses, domains and file hashes that can be compared against what the organization's own logs record.
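The detection side of the paragraphs above (tools that spot an attack in perimeter traffic and enrich it with an external IoC feed) reduces to matching normalised log fields against indicators. The following is an added example, not code from the page: `IOC_FEED` and `SAMPLE_LOGS` are constructed here, the `key=value` log format and the RFC 1918 definition of "internal" in `INTERNAL_NETS` are assumptions, and the function names are this example's own. It classifies each flow as inbound, outbound or internal relative to the perimeter so an analyst can see at once whether a hit is a scan from outside or an internal host reaching out to known-bad infrastructure.

```python
"""Match constructed firewall/proxy/EDR log lines against an IoC feed.

Added example; not code from the page. IOC_FEED and SAMPLE_LOGS are constructed here,
and the key=value log format and INTERNAL_NETS are assumptions for illustration.
"""
import ipaddress
import re
from collections import namedtuple

# Constructed IoC feed standing in for an external threat-intelligence source. Indicator
# values use RFC 5737 documentation addresses and an example domain. Real feeds also carry
# confidence, first/last-seen times and sharing restrictions, which are omitted here.
IOC_FEED = {
    "ipv4": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.example.net"},   # also matches its subdomains
    "sha256": {"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
}

# Assumed definition of "inside the perimeter": the RFC 1918 ranges. Checked explicitly
# rather than via ip_address().is_private, which also flags the documentation ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample logs in a key=value style many firewalls, proxies and EDR agents emit.
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z fw action=allow src=10.0.0.12 dst=93.184.216.34 dport=443
2024-05-01T10:00:02Z proxy action=allow src=10.0.0.33 host=cdn.update-check.example.net dst=198.51.100.7 dport=443
2024-05-01T10:00:03Z fw action=deny src=203.0.113.45 dst=10.0.0.5 dport=22
2024-05-01T10:00:04Z edr action=exec src=10.0.0.12 sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
2024-05-01T10:00:05Z fw action=allow src=10.0.0.12 dst=10.0.0.5 dport=445
"""

Alert = namedtuple("Alert", "line_no ioc_type indicator field direction")
_KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Extract key=value tokens; the leading timestamp and source tag are not needed here."""
    return dict(_KV_RE.findall(line))


def is_internal(addr):
    """True/False for a parseable address, None if the field is not an IP address."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return any(ip in net for net in INTERNAL_NETS)


def direction(fields):
    """Classify a flow relative to the perimeter; events without src and dst are host events."""
    src, dst = fields.get("src"), fields.get("dst")
    if not (src and dst):
        return "host"
    s, d = is_internal(src), is_internal(dst)
    if s is None or d is None:
        return "unknown"
    if s and d:
        return "internal"
    return "outbound" if s else "inbound"


def domain_matches(host, bad):
    """True if host equals the indicator or is a subdomain of it (case-insensitive, trailing dot ignored)."""
    host = host.lower().rstrip(".")
    return host == bad or host.endswith("." + bad)


def match_iocs(log_text, feed=IOC_FEED):
    """Return one Alert per indicator hit, in log order."""
    alerts = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        f = parse_line(line)
        dirn = direction(f)
        for field in ("src", "dst"):
            if f.get(field) in feed["ipv4"]:
                alerts.append(Alert(line_no, "ipv4", f[field], field, dirn))
        host = f.get("host")
        if host:
            for bad in sorted(feed["domain"]):
                if domain_matches(host, bad):
                    alerts.append(Alert(line_no, "domain", bad, "host", dirn))
        digest = f.get("sha256", "").lower()   # normalise case before comparing
        if digest in feed["sha256"]:
            alerts.append(Alert(line_no, "sha256", digest, "sha256", dirn))
    return alerts


if __name__ == "__main__":
    for a in match_iocs(SAMPLE_LOGS):
        print(f"line {a.line_no}: {a.ioc_type} {a.indicator} in {a.field} ({a.direction})")
```

On the constructed sample this raises four alerts: an outbound connection to a listed address that also resolves a listed domain (two hits on one line), a denied inbound probe from a listed address, and an executed file whose hash is listed. Two practical points the code makes explicit: normalise before comparing (hash case, host trailing dot, subdomains), and keep the deny-action hit, since a blocked probe from known-bad infrastructure is still intelligence. IoC matching is only one layer; attackers rotate infrastructure, so a stale feed produces silence rather than safety.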