The Blue Team acts as your protector and first line of defense. Some of its duties are:
- Respond to alerts from security devices
- Tune false positives
- Notify the client if malicious activity is detected
- Analyze logs for malicious activity
- Design and implement security in the organization
- Create alerts that match malicious activity

Here are the main roles in the Blue Team:
- Security Analyst
- Security Engineer
- Incident Responder
- Threat Hunter