D4 · Operations

What is a blue team in cybersecurity?

A blue team is an organization's defensive security team, responsible for detecting attacks, responding to incidents, and hardening systems. It defends against real adversaries and against simulated attacks run by a red team.
Blue = defense, Red = offense, Purple = red and blue working together and sharing findings. Typical blue team tooling: SIEM for log collection and correlation, IDS/IPS for network detection and blocking, EDR for endpoint telemetry and response, and threat intelligence feeds for known-bad indicators. Purple teaming improves both sides: the red team learns which of its techniques were detected, and the blue team tunes detections for the ones that were missed.
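To make "detection" concrete, here is an added example (not part of the glossary page or any vendor's product) of the kind of rule a blue team would run in a SIEM: it parses constructed SSH auth log lines, counts failed logins per source IP to flag brute force, escalates when the same source later succeeds, and matches every source against a constructed threat-intel indicator list. The log format, the IP addresses, the indicator list and the threshold are all assumptions for illustration.

```python
"""Added example (not from the glossary page): a minimal blue-team detection
pass of the kind a SIEM correlation rule performs. Log lines and the
threat-intel indicator list below are constructed for illustration."""
from collections import defaultdict
import re

# Constructed sample of sshd auth log lines (assumed syslog-like format).
SAMPLE_LOGS = """\
Mar 10 08:01:02 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar 10 08:01:04 web1 sshd[2212]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar 10 08:01:06 web1 sshd[2213]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Mar 10 08:01:08 web1 sshd[2214]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar 10 08:01:10 web1 sshd[2215]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 08:01:12 web1 sshd[2216]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Mar 10 08:02:00 web1 sshd[2220]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Mar 10 08:03:00 web1 sshd[2221]: Failed password for alice from 192.0.2.55 port 40100 ssh2
Mar 10 08:03:30 web1 sshd[2222]: Accepted publickey for alice from 192.0.2.55 port 40101 ssh2
"""

# Constructed threat-intel feed: source IPs reported as known-bad (assumed).
THREAT_INTEL_IPS = {"198.51.100.20", "203.0.113.200"}

# Pulls result, auth method, user and source IP out of an sshd line.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

BRUTE_FORCE_THRESHOLD = 5  # failures from one source before we alert (assumed)


def parse(log_text):
    """Yield (result, user, ip) for each line that matches the sshd pattern."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("ip")


def detect(log_text, intel_ips=THREAT_INTEL_IPS, threshold=BRUTE_FORCE_THRESHOLD):
    """Return a sorted list of alert strings for the given log text.

    Two detections:
      1. brute_force: at least `threshold` failed logins from one source IP,
         escalated to brute_force_success if that IP later gets an Accepted line.
      2. threat_intel_hit: any login attempt from an IP on the intel feed.
    """
    failures = defaultdict(int)
    success_after_failures = set()
    alerts = set()
    for result, user, ip in parse(log_text):
        if ip in intel_ips:
            alerts.add(f"threat_intel_hit {ip} user={user}")
        if result == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # An Accepted line after a burst of failures: likely a guessed password.
            success_after_failures.add(ip)
    for ip, n in failures.items():
        if n >= threshold:
            kind = "brute_force_success" if ip in success_after_failures else "brute_force"
            alerts.add(f"{kind} {ip} failures={n}")
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample this raises two alerts: a brute_force_success for 203.0.113.7 (five failures followed by an accepted password for root) and a threat_intel_hit for 198.51.100.20, while the single failure from 192.0.2.55 stays below the threshold. A production rule would add a time window to the counter and handle sshd's "invalid user" variants, which this pattern does not parse.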