From bd5069b5dfa642c4d8b5f6d6d6b90ba0d98aa9ad Mon Sep 17 00:00:00 2001
From: dluxtron <106139814+dluxtron@users.noreply.github.com>
Date: Wed, 27 Sep 2023 17:15:32 +1000
Subject: [PATCH] adding datasets

---
 datasets/attack_techniques/T1014/drivers.yml | 2 ++
 datasets/attack_techniques/T1014/windows-system.log | 3 +++
 .../T1098/account_manipulation/account_manipulation.yml | 2 ++
 .../T1098/account_manipulation/xml-windows-security.log | 3 +++
 .../T1136.001/atomic_red_team/atomic_red_team.yml | 2 ++
 .../T1136.001/atomic_red_team/xml-windows-security.log | 3 +++
 6 files changed, 15 insertions(+)
 create mode 100644 datasets/attack_techniques/T1014/windows-system.log
 create mode 100644 datasets/attack_techniques/T1098/account_manipulation/xml-windows-security.log
 create mode 100644 datasets/attack_techniques/T1136.001/atomic_red_team/xml-windows-security.log

diff --git a/datasets/attack_techniques/T1014/drivers.yml b/datasets/attack_techniques/T1014/drivers.yml
index 958830c2..1ab551a6 100644
--- a/datasets/attack_techniques/T1014/drivers.yml
+++ b/datasets/attack_techniques/T1014/drivers.yml
@@ -6,8 +6,10 @@ environment: attack_range
 dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1014/windows-security.log
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1014/windows-sysmon.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1014/windows-system.log
 sourcetypes:
 - XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
 - WinEventLog:Security
+- XmlWinEventLog:System
 references:
 - https://attack.mitre.org/techniques/T1014
diff --git a/datasets/attack_techniques/T1014/windows-system.log b/datasets/attack_techniques/T1014/windows-system.log
new file mode 100644
index 00000000..c214dbc7
--- /dev/null
+++ b/datasets/attack_techniques/T1014/windows-system.log
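Review bot: The new `windows-system.log` entry in the T1014 hunk is paired with the sourcetype `XmlWinEventLog:System`, while the T1136.001 hunk in this same patch maps a file of the same name to `WinEventLog:System` and uses the `xml-` filename prefix for the files it tags as XmlWinEventLog. If the T1014 capture really is the XML rendering, naming it `xml-windows-system.log` would keep the convention readable; if it is the classic rendering, the added sourcetype line should presumably read `- WinEventLog:System`. The log is only an LFS pointer in this patch, so its actual format cannot be confirmed from here; a detection replayed against the wrong sourcetype would silently match nothing.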
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:33e6f72f893a469c4aaff50a94d37c157e51b1f2bcf6bacb90a1c44f23781735
+size 9148
diff --git a/datasets/attack_techniques/T1098/account_manipulation/account_manipulation.yml b/datasets/attack_techniques/T1098/account_manipulation/account_manipulation.yml
index af351f5a..40c93ccb 100644
--- a/datasets/attack_techniques/T1098/account_manipulation/account_manipulation.yml
+++ b/datasets/attack_techniques/T1098/account_manipulation/account_manipulation.yml
@@ -10,8 +10,10 @@ dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/aws_iam_delete_policy/aws_iam_delete_policy.json
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/aws_iam_failure_group_deletion/aws_iam_failure_group_deletion.json
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/aws_iam_successful_group_deletion/aws_iam_successful_group_deletion.json
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/xml-windows-security.log
 sourcetypes:
 - WinEventLog:Security
 - aws:cloudtrail
+- XmlWinEventLog:Security
 references:
 - https://attack.mitre.org/techniques/T1098/
diff --git a/datasets/attack_techniques/T1098/account_manipulation/xml-windows-security.log b/datasets/attack_techniques/T1098/account_manipulation/xml-windows-security.log
new file mode 100644
index 00000000..a12690e9
--- /dev/null
+++ b/datasets/attack_techniques/T1098/account_manipulation/xml-windows-security.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c063086f930515897c38f9a156f6238eb1ec79f61faa08074f87128142d14d46
+size 2193
diff --git a/datasets/attack_techniques/T1136.001/atomic_red_team/atomic_red_team.yml b/datasets/attack_techniques/T1136.001/atomic_red_team/atomic_red_team.yml
index 7f52412e..5e5ee1f8 100644
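Review bot: The dataset URL added to account_manipulation.yml points at `.../attack_techniques/T1098/xml-windows-security.log`, but the file this same patch creates is `datasets/attack_techniques/T1098/account_manipulation/xml-windows-security.log`; the `account_manipulation/` segment is missing from the URL, so any replay that fetches the listed dataset will fail to retrieve the log and the detection it backs will be tested against no events. The line should read `- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1098/account_manipulation/xml-windows-security.log`, matching how the T1136.001 hunk includes its `atomic_red_team/` subdirectory in the URL it adds. The existing AWS entries in this hunk each carry their own subdirectory as well, which is consistent with the path being required here.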
--- a/datasets/attack_techniques/T1136.001/atomic_red_team/atomic_red_team.yml
+++ b/datasets/attack_techniques/T1136.001/atomic_red_team/atomic_red_team.yml
@@ -12,11 +12,13 @@ dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136.001/atomic_red_team/4720.log
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136.001/atomic_red_team/windows-sysmon.log
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136.001/atomic_red_team/windows-system.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136.001/atomic_red_team/xml-windows-security.log
 sourcetypes:
 - XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
 - WinEventLog:Microsoft-Windows-PowerShell/Operational
 - WinEventLog:System
 - WinEventLog:Security
+- XmlWinEventLog:Security
 references:
 - https://attack.mitre.org/techniques/T1136/001
 - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1136.001/T1136.001.md
diff --git a/datasets/attack_techniques/T1136.001/atomic_red_team/xml-windows-security.log b/datasets/attack_techniques/T1136.001/atomic_red_team/xml-windows-security.log
new file mode 100644
index 00000000..b17515a7
--- /dev/null
+++ b/datasets/attack_techniques/T1136.001/atomic_red_team/xml-windows-security.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9eaa564e74abbc6b5ac38d4d0a209f1240cd910e223d5f35010ae68e6355fd73
+size 2857