Blue teams will be assigned to the industries that they will defend throughout the cyberbattle. The main task of defenders is to identify and investigate attacks caused by red teams and report the attacks. Defenders should also submit reports on incidents (atomic attacks by red teams) that they detect in the infrastructure.
Defenders should
only submit reports on successful attacks. The following kinds of reports will be dismissed: reports on phishing attacks where users didn't click any malicious links, unsuccessful brute-force attack attempts, or investigation reports regarding facilities that don't belong to the cyberrange infrastructure.
To learn how to fill in reports, read the
guide for defenders.