Merge pull request #838 from dluxtron/master
adding datasets
mvelazc0 authored Oct 12, 2023
2 parents 691a5ac + bd5069b commit 3e701c4
Showing 6 changed files with 15 additions and 0 deletions.
2 changes: 2 additions & 0 deletions datasets/attack_techniques/T1014/drivers.yml
Expand Up @@ -6,8 +6,10 @@ environment: attack_range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1014/windows-security.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1014/windows-sysmon.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1014/windows-system.log
sourcetypes:
- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
- WinEventLog:Security
- XmlWinEventLog:System
references:
- https://attack.mitre.org/techniques/T1014
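Review bot: The file name windows-system.log does not signal XML rendering, yet the sourcetype listed with it here is XmlWinEventLog:System. Elsewhere in this commit the XML captures carry an xml- prefix (xml-windows-security.log), and the T1136.001 file lists windows-system.log next to the non-XML WinEventLog:System. Consider renaming this file to xml-windows-system.log, or otherwise stating its format, so that a replay does not ingest it under the wrong sourcetype and silently fail field extraction. The dataset and sourcetypes lists are also in different orders (security, sysmon, system against Sysmon, Security, System), so position cannot be used to pair them.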
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1014/windows-system.log
Git LFS file not shown
Expand Up @@ -10,8 +10,10 @@ dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/aws_iam_delete_policy/aws_iam_delete_policy.json
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/aws_iam_failure_group_deletion/aws_iam_failure_group_deletion.json
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/aws_iam_successful_group_deletion/aws_iam_successful_group_deletion.json
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/xml-windows-security.log
sourcetypes:
- WinEventLog:Security
- aws:cloudtrail
- XmlWinEventLog:Security
references:
- https://attack.mitre.org/techniques/T1098/
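Review bot: The xml-windows-security.log entry sits directly under T1098/, while the other dataset entries visible in this hunk each live in a per-scenario directory (aws_iam_delete_policy/, aws_iam_failure_group_deletion/, aws_iam_successful_group_deletion/). Nothing in the file says which account-manipulation activity the new log captures, and the only reference is the top-level ATT&CK page. Please move it into a named scenario directory or add a line describing the simulated activity, so detection authors know which events to expect in it.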
Git LFS file not shown
Expand Up @@ -12,11 +12,13 @@ dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136.001/atomic_red_team/4720.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136.001/atomic_red_team/windows-sysmon.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136.001/atomic_red_team/windows-system.log
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136.001/atomic_red_team/xml-windows-security.log
sourcetypes:
- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
- WinEventLog:Microsoft-Windows-PowerShell/Operational
- WinEventLog:System
- WinEventLog:Security
- XmlWinEventLog:Security
references:
- https://attack.mitre.org/techniques/T1136/001
- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md
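Review bot: With XmlWinEventLog:Security added next to WinEventLog:Security, this file now lists two Security sourcetypes and two candidate Security logs (4720.log and xml-windows-security.log) with no statement of which belongs to which. Please note whether the XML file is the same capture as 4720.log in another rendering or a separate run, and which sourcetype each file should be replayed with. Without that, a detection test may pass on one rendering and never exercise the other.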
Git LFS file not shown
