Defender teams do not compete with each other, nor do they earn points. However, participants can evaluate their progress based on
two key indicators: the average time to investigate a critical event and the number of incidents detected.
Defenders should only submit investigation reports on successful attacks. This means that reports on things such as the following will be dismissed: phishing attacks where users didn’t click any malicious links, unsuccessful brute-force attack attempts, or attacks on facilities that don’t belong to the cyberrange infrastructure.
To learn how to fill out reports, read our
guide for defenders.