| Document | Purpose | When to Use |
|---|---|---|
| README.md | Project overview & setup | First-time users, general info |
| DEMO_GUIDE.md | Complete demo instructions | Preparing for presentations |
| DEMO_CHEAT_SHEET.md | One-page reference | During live demos |
| PRESENTATION_SLIDES_OUTLINE.md | Slide deck structure | Creating presentations |
| VIDEO_DEMO_SCRIPT.md | Recording instructions | Making demo videos |
| KIBANA_USAGE_GUIDE.md | How to use Kibana | Learning the interface |
| KIBANA_INDEX_PATTERN_SETUP.md | Detailed setup steps | First-time Kibana setup |
| QUICK_START_INDEX_PATTERNS.md | Quick reference | Fast index pattern creation |
| INDEX_PATTERN_ERROR_SOLUTION.md | Troubleshooting | When you see errors |
| SEARCH_EXAMPLES.md | Query examples | Finding specific threats |
| DETECTION_QUERIES.md | Detection rules explained | Understanding how detection works |
| PROJECT_STATUS.md | Current system state | Checking what's working |
- Clone/Update Repository
  ```bash
  git clone https://github.com/Prajjwal2051/Detection-of-APT-s-attack.git
  cd Detection-of-APT-s-attack
  git pull   # if already cloned
  ```
- Test System
  ```bash
  ./start.sh          # Wait 2-3 minutes
  docker-compose ps   # Verify all services running
  ```
- Verify Data
  ```bash
  curl 'http://localhost:9200/_cat/indices?v' | grep apt
  curl 'http://localhost:9200/apt-detection-*/_count?pretty'
  ```
- Create Index Patterns
  - Open: http://localhost:5601
  - Go to: Management → Stack Management → Index Patterns
  - Create: `apt-detection-*`
  - Create: `apt-threats-*`
- Practice Demo
  - Follow DEMO_GUIDE.md
  - Time yourself (should be 5-20 minutes depending on version)
  - Practice transitions between sections
- Start System
  ```bash
  cd Detection-of-APT-s-attack
  ./start.sh
  ```
- Quick Checks
  ```bash
  # All services up?
  docker-compose ps
  # Kibana responsive?
  curl http://localhost:5601/api/status | grep available
  # Data exists?
  curl 'http://localhost:9200/apt-threats-*/_count?pretty'
  ```
- Prepare Browser
  - Open Kibana: http://localhost:5601
  - Open GitHub: https://github.com/Prajjwal2051/Detection-of-APT-s-attack
  - Close other tabs
  - Clear notifications
  - Zoom to 100%
- Have Ready
  - DEMO_CHEAT_SHEET.md printed or on second screen
  - Terminal open with project directory
  - Backup screenshots (in case of failure)
  - Water for your voice
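The quick checks above can be run as one readiness script before the demo. This is an added example written for this guide, not a script shipped with the project; it assumes the same endpoints the guide uses (Elasticsearch on port 9200, Kibana on port 5601, threat events in `apt-threats-*`) and the compose CLI's `ps --filter status=running`. Save it as `predemo_check.sh` and run it from the project directory.

```shell
#!/bin/sh
# Pre-demo readiness check for the ELK-based APT detection stack.
# Added example for this guide, not a script shipped with the project.
# Assumes the endpoints used throughout the guide: Elasticsearch on :9200,
# Kibana on :5601, and threat events indexed under apt-threats-*.
ES_URL="${ES_URL:-http://localhost:9200}"
KIBANA_URL="${KIBANA_URL:-http://localhost:5601}"
# Extract the "count" value from an Elasticsearch _count response body.
# Pure tr/sed so it works without jq; prints 0 when the field is absent
# (e.g. an index_not_found error body).
parse_count() {
  n=$(printf '%s' "$1" | tr -d ' \t\n' | sed -n 's/.*"count":\([0-9][0-9]*\).*/\1/p')
  printf '%s\n' "${n:-0}"
}
# Kibana's /api/status reports the overall state as "level" (newer releases)
# or "state" (older ones); treat "available"/"green" as ready.
kibana_ready() {
  printf '%s' "$1" | grep -Eq '"(level|state)" *: *"(available|green)"'
}

# Succeed only when every compose service in the project is running.
services_up() {
  total=$(docker-compose ps --services 2>/dev/null | wc -l)
  running=$(docker-compose ps --services --filter status=running 2>/dev/null | wc -l)
  [ "$total" -gt 0 ] && [ "$total" -eq "$running" ]
}

# Succeed when at least $1 (default 1) documents exist in apt-threats-*.
threat_data_present() {
  body=$(curl -fsS "$ES_URL/apt-threats-*/_count" 2>/dev/null) || return 1
  [ "$(parse_count "$body")" -ge "${1:-1}" ]
}

report() {  # report <label> <command> [args...]
  label=$1; shift
  if "$@"; then echo "OK   $label"; else echo "FAIL $label"; FAILED=1; fi
}

run_checks() {
  FAILED=0
  report "all compose services running" services_up
  report "Kibana /api/status available" kibana_ready "$(curl -fsS "$KIBANA_URL/api/status" 2>/dev/null)"
  report "threat events present in apt-threats-*" threat_data_present 1
  [ "$FAILED" -eq 0 ] && echo "Ready for the demo." || echo "Fix the FAIL items (see the Quick Fix sections)."
  return "$FAILED"
}

# Only run when executed as predemo_check.sh, so the functions can also be sourced.
case "$0" in *predemo_check.sh) run_checks ;; esac
```

A non-zero exit code means at least one check failed, so the script can also gate an automated pre-recording run.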
Follow: DEMO_CHEAT_SHEET.md → "5-Minute Demo Script"
Outline:
- Intro (30s): "APT Detection System using ELK Stack"
- Architecture (30s): Show diagram
- Live Detection (2m): Show threats in Kibana
- Details (1m): Expand event, show MITRE mapping
- Wrap-up (1m): Key features, GitHub link
Follow: DEMO_GUIDE.md → "Full Demo Presentation"
Structure:
- Problem Statement (2m): Why APT detection matters
- Solution Overview (3m): System architecture
- MITRE Coverage (2m): Attack techniques covered
- Live Demo (8m):
  - View all threats
  - Investigate credential dumping
  - Track lateral movement
  - Show data exfiltration
  - Demonstrate search capabilities
- Use Cases (2m): SOC, incident response, threat hunting
- Q&A (3m): Answer questions
Follow: DEMO_GUIDE.md → "Live Demonstration Script"
Story-based approach:
- Setup (1m): "Let's track an APT attack"
- Stage 1 - Reconnaissance (2m)
- Stage 2 - Credential Theft (2m)
- Stage 3 - Lateral Movement (2m)
- Stage 4 - Data Exfiltration (2m)
- Summary (1m): Complete attack timeline
- Focus on architecture and implementation
- Show code (Logstash rules, Docker Compose)
- Discuss scalability and performance
- Deep dive into detection logic
- Emphasize MITRE ATT&CK mapping
- Show threat hunting capabilities
- Discuss integration with existing tools
- Highlight detection accuracy
- Focus on ROI (open-source = $0 cost)
- Show business value (prevent breaches)
- Discuss compliance benefits
- Use analogies (avoid jargon)
- Explain learning objectives
- Discuss methodologies
- Share technical challenges
- Encourage experimentation
Tools: Google Slides, PowerPoint, Keynote
Structure:
- Title slide
- Problem statement
- Solution overview
- Architecture diagram
- MITRE coverage
- LIVE DEMO (main attraction)
- Technical implementation
- Use cases
- Resources & GitHub
- Q&A
Time: 15-20 slides for 20-minute presentation
Tools: OBS Studio, Camtasia, Screen Recorder
Process:
- Prepare system (all services running)
- Write script with timing
- Practice 2-3 times
- Record in segments (easier editing)
- Edit with text overlays
- Export in 1080p
- Upload to YouTube
Length: 10-12 minutes for complete demo
Quick Fix:
```bash
# Insert sample data manually
curl -X POST "http://localhost:9200/apt-threats-$(date +%Y.%m.%d)/_doc" \
  -H 'Content-Type: application/json' -d'{
  "@timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'",
  "threat_detected": "credential_dumping",
  "severity": "critical",
  "mitre_technique": "T1003.001",
  "host": {"name": "DEMO-PC"},
  "message": "Demo threat event"
}'
# Refresh
curl -X POST "http://localhost:9200/apt-*/_refresh"
```
Quick Fix:
```bash
# Restart Kibana
docker-compose restart kibana
# Wait 30 seconds
sleep 30
# Check status
curl http://localhost:5601/api/status
```
While waiting, say:
"While Kibana restarts, let me explain the system architecture..."
Quick Fix:
- Go to: Management → Stack Management → Index Patterns
- Create: `apt-detection-*` with `@timestamp` as the time field
- Create: `apt-threats-*` with `@timestamp` as the time field
See: INDEX_PATTERN_ERROR_SOLUTION.md for details
Backup Plan:
- Show screenshots (prepare beforehand)
- Show recorded video (have ready)
- Walk through documentation
- Explain architecture verbally
- Answer questions about implementation
Read in order:
- README.md (overview)
- Start system: `./start.sh`
- KIBANA_INDEX_PATTERN_SETUP.md (setup Kibana)
- KIBANA_USAGE_GUIDE.md (learn interface)
Read in order:
- DEMO_GUIDE.md (full instructions)
- DEMO_CHEAT_SHEET.md (quick reference)
- PRESENTATION_SLIDES_OUTLINE.md (if making slides)
- VIDEO_DEMO_SCRIPT.md (if recording)
Check:
- PROJECT_STATUS.md (current state)
- INDEX_PATTERN_ERROR_SOLUTION.md (if errors)
- README.md → Troubleshooting section
Read in order:
- KIBANA_INDEX_PATTERN_SETUP.md (setup)
- QUICK_START_INDEX_PATTERNS.md (quick ref)
- KIBANA_USAGE_GUIDE.md (complete guide)
- SEARCH_EXAMPLES.md (practice queries)
- Time: 10-15 minutes
- Focus: Technical skills, problem-solving
- Show: Architecture, detection logic, code quality
- Documents: DEMO_GUIDE.md + GitHub profile

- Time: 15-20 minutes
- Focus: Learning outcomes, methodology
- Show: Problem → Solution → Demo → Lessons learned
- Documents: PRESENTATION_SLIDES_OUTLINE.md

- Time: 20-30 minutes
- Focus: Technical depth, community value
- Show: Full demo, Q&A, open-source contribution
- Documents: DEMO_GUIDE.md (full version)

- Time: 3-5 minutes
- Focus: Quick impact, shareability
- Show: Hook → Quick demo → Call-to-action
- Documents: VIDEO_DEMO_SCRIPT.md (short version)

- Time: 15-20 minutes
- Focus: Business value, ROI
- Show: Problem impact → Solution benefits → Live demo
- Documents: PRESENTATION_SLIDES_OUTLINE.md
✅ Practice 3+ times
✅ Test on actual demo machine
✅ Prepare backup materials
✅ Know your audience
✅ Time yourself
✅ Charge laptop
✅ Test screen sharing (if remote)

✅ Start with impact (show cool stuff first)
✅ Speak clearly and steadily
✅ Make eye contact (live) or look at camera (video)
✅ Point out important elements with cursor
✅ Pause to let concepts sink in
✅ Handle questions confidently
✅ Show enthusiasm!

✅ Share GitHub link
✅ Offer to answer questions
✅ Follow up via email
✅ Get feedback
✅ Update documentation based on questions
Your demo is successful if:
- Audience understands what APTs are
- They see the system working live
- They understand MITRE mapping
- They see practical value
- They ask engaged questions
- They visit your GitHub repo
- You feel confident and proud
- Review all documentation in `/docs/`
- Check GitHub Issues for common problems
- Test early and often
- Use DEMO_CHEAT_SHEET.md as reference
- Have backup plan ready
- Stay calm and confident
- Document lessons learned
- Update documentation
- Share your experience
- You built this! You understand it better than anyone
- Practice makes perfect - The more you demo, the better you get
- Backup plans - Always have screenshots/video ready
- Passion shows - Your enthusiasm is contagious
- Questions are good - They show engagement
- It's okay to say "I don't know" - Follow up later
- Have fun! - Enjoy showcasing your work
Print this and check off:
24 Hours Before:
- System tested on demo machine
- All documentation reviewed
- Backup materials prepared (screenshots/video)
- Practiced demo script 3+ times
- Slides created (if needed)
1 Hour Before:
- System started (`./start.sh`)
- All services running healthy
- Data verified (indices exist)
- Index patterns created
- Browser tabs ready
- Notifications disabled
- Laptop charged
5 Minutes Before:
- Kibana responsive
- Quick search test successful
- Cheat sheet ready
- Water available
- Deep breath taken 😊
During Demo:
- Speak clearly
- Show enthusiasm
- Make eye contact
- Handle questions well
- Stay within time
After Demo:
- Share GitHub link
- Thank audience
- Offer follow-up
You have everything you need to deliver an impressive demo:
✅ Working system
✅ Complete documentation
✅ Demo scripts
✅ Presentation outlines
✅ Video scripts
✅ Troubleshooting guides
✅ Backup plans
Now go showcase your amazing work! 🚀
Good luck! You've got this! 💪
```bash
# Start system
./start.sh
# Check status
docker-compose ps
# Verify data
curl 'http://localhost:9200/apt-*/_count?pretty'
# Access Kibana
# http://localhost:5601
# Emergency data insert
curl -X POST "http://localhost:9200/apt-threats-$(date +%Y.%m.%d)/_doc" \
  -H 'Content-Type: application/json' -d'{
  "@timestamp": "'$(date -u +%Y-%m-%dT%H:%M:%SZ)'",
  "threat_detected": "credential_dumping",
  "severity": "critical",
  "mitre_technique": "T1003.001",
  "host": {"name": "DEMO-PC"},
  "message": "Live demo threat"
}'
# Stop system
docker-compose down
```
Project GitHub: https://github.com/Prajjwal2051/Detection-of-APT-s-attack
Remember: Practice → Prepare → Present → Prosper! 🎯