Abstract.  Analyzing the behavior of users participating in a hands-on cybersecurity training program is very difficult. It is because the data captured during the training session can provide only a limited view of real actions that the participant did in the computer network. However, behavior analysis is important for the efficient supervision of exercises, providing feedback to trainees, or revealing drawbacks in training scenarios. In this talk, I will explain motivation and challenges in providing tools for behavior analysis. Two different approaches will be discussed: (a) the usage of visual analytics methods, and (b) the application of the process mining & discovery methods.