Running on a mac

bash ./run-demo.sh

then demo the data rolling into kibana...

then to simulate someone doing potential bad things to a system, we'll just copy an executable in sbin...

bash ./demo2.sh

now go and search for badactor and find the record of a new file being introduced

then change it again...

bash ./demo3.sh

and show a second line recorded that details a change in /sbin/ to the same file.

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
elasticsearch		elasticsearch
kafka		kafka
kibana		kibana
logstash		logstash
osqueryd		osqueryd
zookeeper		zookeeper
README.md		README.md
demo1.sh		demo1.sh
demo2.sh		demo2.sh
demo3.sh		demo3.sh
docker-compose.yml		docker-compose.yml

Provide feedback