SCYTHE created a Purple Team Exercise Framework (PTEF) to facilitate the creation of a formal Purple Team Program by performing adversary emulations as Purple Team Exercises and/or Continuous Purple Teaming Operations.
Cyber Threat Intelligence - team to research and provide threat TTPs
Red Team - offensive team in charge of emulating adversaries
Blue Team - the defenders. Security Operations Center (SOC), Hunt Team, Digital Forensics and Incident Response (DFIR), and/or Managed Security Service Provides (MSSP)
Present adversary, TTPs, and technical details
Follow process to detect and respond to TTPs, share screen to confirm identification of artifacts
Can any adjustments or tuning to security controls and/or logging be made to increase visibility
Repeat procedure and record new results, move to next TTP