Atomic Blue Team is a collection of Adversary Simulation Tests and Detection Methods based on the Red Canary Atomic Red Team
Atomic Red Team gives defenders very actionable ways to test their defenses against common attacker techniques drawn from the MITRE ATT&CK Framework. However, for many of those techniques it does not include references showing how defenders can detect the attack.
Atomic Blue Team is broken into three spreadsheets of tests built by Atomic Red Team. For each test, the evidence to look for on Windows is collected from the JPCERT IR Tool Analysis Result Sheet.
A sample test plan is built from the MITRE ATT&CK techniques that have known tests and whose associated tools also have detection guidance.
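The test-plan logic described above (keep only techniques that have both a test and detection evidence, and surface the techniques that have a test but no evidence) can be expressed as a simple join. The script below is an added example, not code from the Atomic Blue Team or Atomic Red Team projects; the test rows, the technique-to-evidence mapping and the `build_test_plan`/`detection_gaps` helpers are constructed for illustration, even though the ATT&CK IDs and Windows/Sysmon event IDs used are real ones.

```python
"""Added example (not part of the Atomic Blue Team project): join Atomic-style
tests to detection evidence and keep only techniques that have both, as the
README's sample test plan does. All rows below are constructed sample data."""
from collections import defaultdict

# Constructed sample tests keyed by ATT&CK technique ID (not the project's sheet).
TESTS = [
    {"technique": "T1003", "test": "OS credential dumping (constructed)"},
    {"technique": "T1059.001", "test": "Run an encoded PowerShell command (constructed)"},
    {"technique": "T1136.001", "test": "Create a local user account (constructed)"},
    {"technique": "T1070.001", "test": "Clear the Windows Security event log (constructed)"},
]

# Constructed sample evidence per technique, in the spirit of the JPCERT sheet.
# The event IDs are standard Windows Security / Sysmon IDs; the mapping of
# techniques to evidence here is illustrative, not taken from the project.
EVIDENCE = [
    {"technique": "T1059.001", "source": "Security", "event_id": 4688, "note": "process creation (command line)"},
    {"technique": "T1059.001", "source": "Sysmon", "event_id": 1, "note": "process creation"},
    {"technique": "T1136.001", "source": "Security", "event_id": 4720, "note": "user account created"},
    {"technique": "T1070.001", "source": "Security", "event_id": 1102, "note": "audit log cleared"},
]


def _evidence_by_technique(evidence):
    """Index evidence rows by technique ID."""
    by_tech = defaultdict(list)
    for ev in evidence:
        by_tech[ev["technique"]].append(ev)
    return by_tech


def build_test_plan(tests, evidence):
    """Return plan rows only for techniques that have a test AND at least one
    evidence entry; each row lists every evidence item the defender should check
    after running the test."""
    by_tech = _evidence_by_technique(evidence)
    plan = []
    for t in tests:
        if t["technique"] not in by_tech:
            continue  # no detection guidance: not part of the sample plan
        plan.append({
            "technique": t["technique"],
            "test": t["test"],
            "evidence": [
                f'{e["source"]}:{e["event_id"]} ({e["note"]})'
                for e in by_tech[t["technique"]]
            ],
        })
    return plan


def detection_gaps(tests, evidence):
    """Techniques that have a test but no evidence rows: the gap the README
    says Atomic Red Team alone leaves open."""
    by_tech = _evidence_by_technique(evidence)
    return sorted({t["technique"] for t in tests if t["technique"] not in by_tech})


if __name__ == "__main__":
    for row in build_test_plan(TESTS, EVIDENCE):
        print(f'{row["technique"]}: {row["test"]}')
        for item in row["evidence"]:
            print(f"    look for {item}")
    print("techniques with a test but no detection guidance:", detection_gaps(TESTS, EVIDENCE))
```

Replacing the two constructed lists with rows read from the project's spreadsheets (tests from Atomic Red Team, evidence from the JPCERT sheet) turns this into a generator for the same kind of test plan the README describes.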
## TODO
- Pull in Linux and MacOS tests and detection methods
- Add additional Red Team tests and detection methods for Windows
- Build a summary worksheet similar to the ThreatHunter Playbook.