diff --git a/Competitive-notes.md b/Competitive-notes.md
deleted file mode 100644
index c17e0ca..0000000
--- a/Competitive-notes.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# Commercial
-## Threatstack 
-"Continuous security monitoring for your cloud."
-
-Threatstack provides a host intrusion detection system that is currently focused on servers running in AWS. They deploy an agent that monitors:
-- process events (start, stop, network connections) via `auditd`
-- user events (commands run) 
-- file/directory activity via `inotify` and `fanotify`
-
-Their support docs explicitly state that they do not install a kernel module.
-
-It is a rule-based system, with rules like:
-
-- `(command = "scp" or command = "wget") and type = "start" and syscall = "execve"`
-- `type="connect" and connection.addr != null and connection.addr != "127.0.0.1"`
-
-Rules are configured by the user, with a number of pointers [here](https://threatstack.zendesk.com/hc/en-us/articles/203022169-Defensive-Policy-Creation-Use-Cases-and-What-to-Look-For).
-
-
-Based on [this](https://threatstack.zendesk.com/hc/en-us/articles/205992556-Tabbed-Alert-View-A-New-Way-to-Manage-Alerts) it looks like their system can routinely generate _lots_ of alerts.
-
-
-Also, based on [this](https://threatstack.zendesk.com/hc/en-us/articles/200635804-How-do-I-Configure-File-Integrity-Monitoring-FIM-Rules-) their FIM feature does not consider which process is accessing/modifying a file.
-
-
-
-## Twistlock
-
-Hangout on air, Chenxi Wang (Twistlock, https://www.linkedin.com/in/chenxi-wang-5588874) and Kit Merker (Google PM for Kubernetes).
-
-Pitch: containers were originally developed for resource isolation, not security isolation. We at Twistlock think that with the right tools, containers can actually make your system *more* secure.
-
-Challenges today: 
-- Lack of checking process for vulns when building container images. 
-- Lack of visibility and control in runtime
-- Ops often left out of the look because they can't look inside them. Can't run agents inside them, can't run logging scripts in them.
-
-Twistlock addresses security for the entire container lifecycle: vulnerability management (look at images statically, production containers, scan for vulns), role-based access control layer for docker and k8s, and "smart runtime defense" 
-
-This talk focused on the first piece (vuln management). 
-### Vulnerability management and image scanning
-
-It integrates with a registry: download images form registry, decompose image into its layers, scan each layer from base linux distro to app framework to custom code. Results presented in a dashboard and can be sent out via http. 
-
-We use real-time vuln feeds to drive our service.
-
-### Runtime defense 
-
-Twistlock runs as a privileged container on each host. "Were able to observer execution of containers and detect anomalies, block certain things, kill anomalous containers". Didn't go into any more detail.
-
-
-
-
-
-
-# Open source
-## Snort
-## Suricata
-## OSSEC