Mind map of blue teaming, with a central node branching into twelve domains grouped into defense and response, monitoring and tools, and intelligence and governance, each listing its key subtopics.
Blue Teaming
Defense & response
Monitoring & tools
Intelligence & governance
Blue Team Operations
- Attack simulation
- Detection engineering
- Threat hunting
- Continuous monitoring
- Security automation
Threat Detection
- MITRE ATT&CK mapping
- Signature detection
- Threat intelligence
- SIEM analysis
- Behavior analysis
- Anomaly detection
Incident Response
- Incident identification
- Incident analysis
- Containment
- Eradication
- Recovery
- Post-incident review
Vulnerability Management
- Asset discovery
- Vulnerability scanning
- Risk assessment
- Configuration hardening
- Patch management
Security Monitoring
- Security alerts
- Threat detection
- Endpoint monitoring
- Security operations center (SOC)
- Log monitoring
- Network monitoring
Security Tools
- Threat intelligence platforms
- Network IDS / IPS
- SIEM platforms
- EDR platforms
- SOAR platforms
Log Management
- Centralized logging
- Log correlation
- Authentication logs
- System logs
- Application logs
- Network logs
Network Security
- Intrusion detection system (IDS)
- Intrusion prevention system (IPS)
- Firewall monitoring
- Network traffic analysis
- DNS monitoring
- VPN monitoring
Compliance and Governance
- Security policies
- Security auditing
- Security awareness training
- Risk management
- Regulatory compliance
Identity Security
- Identity threat detection
- Account monitoring
- Access control
- Multi-factor authentication
- Privileged access management
Threat Intelligence
- Adversary tracking
- Malware analysis
- Indicators of compromise (IOC)
- Indicators of attack (IOA)
- Threat feeds
Endpoint Security
- Host intrusion detection
- Endpoint detection and response (EDR)
- Antivirus / anti-malware
- Patch management
- Device control
