🤖 AI Summary
To address low efficiency and context-deficient decision-making in blue-team incident response, this paper proposes CyberAlly, a knowledge graph–enhanced AI assistant. CyberAlly integrates large language models (LLMs) with a dynamically evolving adversarial knowledge graph and is deployed within cyber ranges and open-source SIEM platforms. It enables real-time alert parsing, tracking of blue-team actions, and generation of response recommendations grounded in historical red-blue engagement experience. Its event-driven architecture delivers context-aware, interpretable, and auditable decision support. Empirical evaluation in realistic cyber ranges demonstrates an 89% adoption rate for generated recommendations and a 42% reduction in mean response time, significantly improving both accuracy and timeliness of blue-team actions. The core contribution is the first knowledge–language co-reasoning framework explicitly designed for closed-loop red-blue adversarial operations.
📝 Abstract
The increasing frequency and sophistication of cyberattacks demand innovative approaches to strengthen defense capabilities. Training on live infrastructure poses significant risks to organizations, making secure, isolated cyber ranges an essential tool for conducting Red vs. Blue Team training events. These events enable security teams to refine their skills without impacting operational environments. While such training provides a strong foundation, the ever-evolving nature of cyber threats necessitates additional support for effective defense. To address this challenge, we introduce CyberAlly, a knowledge graph-enhanced AI assistant designed to enhance the efficiency and effectiveness of Blue Teams during incident response. Integrated into our cyber range alongside an open-source SIEM platform, CyberAlly monitors alerts, tracks Blue Team actions, and suggests tailored mitigation recommendations based on insights from prior Red vs. Blue Team exercises. This demonstration highlights the feasibility and impact of CyberAlly in augmenting incident response and equipping defenders to tackle evolving threats with greater precision and confidence.