HELK is an interesting platform for carrying out endpoint threat hunting, and it is useful both in production and for research and training. For research and training purposes, a key step is adding sample data so you can practice hunting queries against it.
Yes, this could probably be done in a better way, but the goal here was K.I.S.S.: quick and dirty.
Splunk provides sample data from its Boss of the SOC (BOTS) CTF. Both v1 and v2 have been published as open source; more info here. The v1 data is available on GitHub here, but unfortunately it is formatted for ingestion into Splunk rather than Elasticsearch.
The goal is to import it into the HELK platform, which is based on an ELK stack (Elasticsearch, Logstash and Kibana). Thankfully, Sébastien Lehuédé has converted the data and done th