These folders contain the following:

Blue team's log: the observations made by the IDS operator and recordings made by the hybrid IDS system.
Red team's log: the diary of the red team and the output of their activities (scans etc.).
Network traffic: recordings of the network traffic in the exercise.
Machine logs: syslog and Windows event logs (N.B. The archives also contain other files which are irrelevant).
Snort's output: the output produced by the Snort part of the hybrid IDS.
Zabbix's output: the output produced by the Zabbix part of the hybrid IDS.
System documentation: documentation of machines etc. in the targeted networks.

The folders contain some extra meta-information written in .txt files. However, since it is difficult to know which parts of this data a user of the dataset is interested in, the data is described at a high and general level of abstraction. If you need clarifications or other details, please contact: teodor.sommestad@foi.se or michael.wedlin@foi.se.