The ultimate test of the security operations center
Netleaf: Cyber Defence Center
Welcome to Netleaf: Cyber Defence Center, a strategic board game where players compete to build and secure their cyber infrastructure while blocking threats and outsmarting opponents. In this immersive game, you’ll navigate the intricate world of cyber security, constructing log collectors, establishing operations rooms, and acquiring valuable support cards to gain an edge. But beware, as hackers lurk and dice rolls can tip the balance of power. Engage in sharp card trading, deploy shortcuts, and leverage your network security expertise to emerge victorious in Netleaf: Cyber Defence Center.
Game Components
- 19 IT hexes
- 9 empty border hexes
- 9 special border hexes (3:1 or 2:1)
- 18 circular number tokens
- 95 component cards (with symbols of honeypots, SIEM, IDR and network sensors)
- 26 support cards (14 SOC engineer cards, 5 security cards, 6 shortcut cards)
- 4 building cost cards
- 2 award cards: biggest network and biggest work force
- 16 operations rooms (4 of each color)
- 16 log collectors (4 of each color)
- 60 cables (15 of each color)
- 2 dice
- 1 hacker
Game Pieces
Cables
Log collector
Operations room
7
When a player rolls a 7, they have the opportunity to position the hacker on any numbered space on the board. Those holding more than 7 cards are required to return half of their cards to the bank. If the total number of cards is odd, players must surrender the smaller portion.
The player who rolled a 7 can select a card from the player whose log collector or operations room is adjacent to a component hex border.
If a players number is covered by the hacker, they do not receive any component cards until the hacker is relocated.
Each time someone rolls a 7, the hacker must change positions. For instance, if the hacker was positioned on number 9 on a SIEM hex, it must be moved elsewhere, such as number 8 on an endpoint hex.
We begin the game by placing the hacker on the middle hex, the black one with the Netleaf icon on it.
Constructing the board
Support card
Workforce
Using your workforce card enables you to relocate the hacker to a number of your preference.
Upon acquiring 3 workforce cards, you obtain the largest workforce card. However, if another player possesses more workforce cards than you, the card transfers to that player.
When you buy a workforce card you can play them when it is your turn but you need to start with that card. After you have used the card you have to lay them down in front of you for the rest of the game and are not able to reuse them.
Shortcuts
Three distinct shortcut cards offer unique advantages:
- Alt 4: Allows you to claim all component cards of a specified type from other players.
- Ctrl C + Ctrl V: Enables you to place 2 cables.
- Ctrl Shift Esc: Grants you the ability to select 2 component cards of your choice from the bank.
Security
Preparing the game
To determine the starting player, each player rolls two dice. The player achieving the highest total begins the game, then you take turns clockwise. In the initial round, each player positions a log collector and a cable at a junction between two or three hexes. The log collectors of the same color don’t need to be connected to each other and can be on the opposite side of the board.
The size of the number is linked to the likelihood of rolling the number, the bigger the number the higher the chance of rolling the number.
Positioning a log collector at a hex intersection can offer a strategic advantage.
Once the log collectors are set, players can proceed to lay cables. Afterwards, the process repeats, starting from the last player. Players retrieve cards corresponding to their final log collector placement.
Important: Log collectors must be built at least two cables apart, and the initial cables must not intersect.
Once all players have positioned two log collectors and two cables, the game begins. Roll the dice to determine which cards you receive. For instance, if your log collector is adjacent to a SIEM marked with a number 9 and the dice yields a 9, you acquire a corresponding SIEM card from the bank. If you have multiple log collectors/operations room connected to a number you get cards for each log collector/operations room.
Bank
The player that rolled the lowest dice in the beginning of the game becomes the bank. That person has the responsibility to give the necessary cards everytime the dice rolls. He/she should also make sure that everyone pays the correct amount when they buy or trade something.
Trade
How to play
Once the game board is set up with numbers and log collectors/cables are in place, you can begin playing.
Your turn proceeds as follows:
- Play a support card (optional).
- Roll the dice.
- Collect component cards from the bank. The number of log collectors or operation rooms on a specific number determines the amount of components collected.
- Trade cards and placing cables/log collectors/operations rooms (optional).
After trading your cards your turn comes to an end. The player to your left can now start their turn.
How to win
Game info and rules
Win the game by earning 10 victory points. Points are earned by constructing log collectors and operations rooms, possessing the largest network or workforce, and purchasing support cards.
Dictionary
Log collector
A log collector is a software tool that gathers and stores system events for analysis. It’s essential for identifying security threats and troubleshooting issues.
Operations room
An operations room is a centralized location where IT professionals monitor and manage systems. It’s often used for responding to security incidents.
Email Security
Email security is safeguarding your email accounts and messages from unauthorized access, theft, or malicious attacks.
Cloud Security
Cloud security is like a combination of high-tech locks, firewalls, and alarms for your data and apps in the cloud, constantly on guard against hacking attempts, data leaks, and outages.
Remote access
Remote access security is like a secure bridge between your device and the network, ensuring only authorized users can cross and protecting sensitive information during the journey.
Firewall
A firewall acts like a security guard at your network’s entrance, checking incoming and outgoing traffic to block anything suspicious and only allowing safe connections.
Network Access Control
Network Access Control (NAC) is like a bouncer at a high-security club for your network, only letting in devices that meet specific criteria and keeping out any unauthorized or risky ones.
Penetration tester
A penetration tester, also called a pen tester, is a cyber security professional who ethically hacks into a computer system or network to find vulnerabilities before malicious actors can exploit them.
SOC analyst
Reacts to alerts generated by security tools, investigating potential incidents and taking steps to contain them. Imagine a lookout who identifies and investigates smoke on the horizon.
Threat hunter
Proactively searches for hidden threats within a network, using their knowledge and analytical skills to uncover potential attacks before they happen. Think of a detective who investigates suspicious activity even before any alarms are triggered.
SOC Engineer
A SOC engineer is the tech whiz of the security team, building and maintaining the tools analysts use to fight cyber threats.
Alt F4
This is a keyboard shortcut that closes the currently active window on your computer.
CTRL C + CTRL V
Ctrl C is used to copy highlighted text, images, or files, while Ctrl V pastes the copied content wherever your cursor is positioned.
CTRL SHIFT ESC
Ctrl Shift Esc is a keyboard shortcut that launches the Task Manager on your computer. This tool lets you manage running applications, processes, and system resources.