diff --git a/datasets/attack_techniques/T1021.006/wsman_trustedhost/wsman_pwh.log b/datasets/attack_techniques/T1021.006/wsman_trustedhost/wsman_pwh.log
new file mode 100644
index 00000000..3219a0e9
--- /dev/null
+++ b/datasets/attack_techniques/T1021.006/wsman_trustedhost/wsman_pwh.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:17654c941a11e47ee26c7d316ec1c29b684b7dde95d1c23eb2c6473b318c1c66
+size 988
diff --git a/datasets/attack_techniques/T1021.006/wsman_trustedhost/wsman_trustedhost.yml b/datasets/attack_techniques/T1021.006/wsman_trustedhost/wsman_trustedhost.yml
new file mode 100644
index 00000000..b96be2e0
--- /dev/null
+++ b/datasets/attack_techniques/T1021.006/wsman_trustedhost/wsman_trustedhost.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: a7e8ecfc-4ee6-4869-bd77-0d9fe5bcdc85
+date: '2023-11-23'
+description: Generated datasets for wsman trustedhost in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1021.006/wsman_trustedhost/wsman_pwh.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-PowerShell/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_a_sec.log b/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_a_sec.log
new file mode 100644
index 00000000..f7e62e13
--- /dev/null
+++ b/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_a_sec.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68ef2c9d1add0439551da53a00963d3a47ae1731f22c98b4d56ecf9d74fb48b7
+size 1295
diff --git a/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_a_sysmon.log b/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_a_sysmon.log
new file mode 100644
index 00000000..ab4145cf
--- /dev/null
+++ b/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_a_sysmon.log
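Review bot: The `description` in wsman_trustedhost.yml only says the data was "generated ... in attack range", so a consumer of the PowerShell Operational log cannot tell what TrustedHosts change was performed or which command produced the events, and the only reference is a DarkGate malware family page rather than anything about the technique itself. I would name the action in the description, e.g. `description: PowerShell Operational events captured while adding a host to the WSMan client TrustedHosts list in attack range (DarkGate-style WinRM setup).`, adjusted to the exact command that was run, and add `- https://attack.mitre.org/techniques/T1021/006/` under `references:` so the T1021.006 placement is traceable.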
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0cb72dd5c48a3e435b7fe3500c46106891c30a212d13fce1cf5915b7b4953a92
+size 1974
diff --git a/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_process_param.yml b/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_process_param.yml
new file mode 100644
index 00000000..85e64fd4
--- /dev/null
+++ b/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_process_param.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 70ab291a-0372-4d70-b256-1b0ec12076a5
+date: '2023-11-21'
+description: Generated datasets for msdtc process param in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_a_sysmon.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.plugx
diff --git a/datasets/attack_techniques/T1059/defender/asr_audit.log b/datasets/attack_techniques/T1059/defender/asr_audit.log
new file mode 100644
index 00000000..1665beb3
--- /dev/null
+++ b/datasets/attack_techniques/T1059/defender/asr_audit.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:22bdb374cb93709e6c6641a4e73ce46645b08f59677f5a04378e0405a2896b23
+size 10110
diff --git a/datasets/attack_techniques/T1059/defender/asr_block.log b/datasets/attack_techniques/T1059/defender/asr_block.log
new file mode 100644
index 00000000..6d23cab7
--- /dev/null
+++ b/datasets/attack_techniques/T1059/defender/asr_block.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f28f703577db82e57eb58b5eb14ae326563448962973e883b798aa5d3cfa4d8b
+size 17408
diff --git a/datasets/attack_techniques/T1059/defender/asr_defender_operational.log b/datasets/attack_techniques/T1059/defender/asr_defender_operational.log
new file mode 100644
index 00000000..fd964e67
--- /dev/null
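Review bot: msdtc_a_sec.log is added in this commit but msdtc_process_param.yml lists only msdtc_a_sysmon.log under `dataset:` and only the Sysmon channel under `sourcetypes:`, so the Security-log half of the capture is unreachable through the metadata and any tooling that replays datasets from the yml will never load it. Either add `- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1036/msdtc_process_param/msdtc_a_sec.log` under `dataset:` together with the Security sourcetype the repo uses elsewhere (presumably `XmlWinEventLog:Security`; confirm against existing datasets), or drop the orphan file. The `_sec` suffix is my only evidence that it is a Security log, so please verify the channel before picking the sourcetype.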
+++ b/datasets/attack_techniques/T1059/defender/asr_defender_operational.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cad3567c035dd20c319d3279ea67a8af38340104db4b5311c838ffac82fe6e5f
+size 230992
diff --git a/datasets/attack_techniques/T1059/defender/asr_disabled_registry.log b/datasets/attack_techniques/T1059/defender/asr_disabled_registry.log
new file mode 100644
index 00000000..ac79a697
--- /dev/null
+++ b/datasets/attack_techniques/T1059/defender/asr_disabled_registry.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:738512f57f34e87ebfe4eeed2985d0a51b808a80d063e695217225f72f8db577
+size 1045
diff --git a/datasets/attack_techniques/T1059/defender/asr_registry.log b/datasets/attack_techniques/T1059/defender/asr_registry.log
new file mode 100644
index 00000000..0d4506d1
--- /dev/null
+++ b/datasets/attack_techniques/T1059/defender/asr_registry.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1cc49d6c7bae25480ddf3efe94662b43e50cb9c7a1867632dcc3b021afb0a6c7
+size 80016
diff --git a/datasets/attack_techniques/T1059/defender/ms_defender.yml b/datasets/attack_techniques/T1059/defender/ms_defender.yml
new file mode 100644
index 00000000..fd159507
--- /dev/null
+++ b/datasets/attack_techniques/T1059/defender/ms_defender.yml
@@ -0,0 +1,17 @@
+author: Michael Haag, Splunk
+id: 20391e27-3a18-4e89-bf86-dddba22e5b28
+date: '2023-11-20'
+description: Contains Defender logs generated by testing the ASR rules.
+environment: custom
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059/defender/asr_defender_operational.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059/defender/asr_audit.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059/defender/asr_block.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059/defender/asr_registry.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1059/defender/asr_disabled_registry.log
+sourcetypes:
+ - xmlwineventlog
+ - wineventlog
+references:
+- https://asrgen.streamlit.app/
+- https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide
diff --git a/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir.log b/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir.log
new file mode 100644
index 00000000..3a61a9d7
--- /dev/null
+++ b/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:411c7c804d42e2d82391ec9ae441ccf40a9f8c186012577455213fdcda025181
+size 1988
diff --git a/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir_delete_files_and_dir.yml b/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir_delete_files_and_dir.yml
new file mode 100644
index 00000000..b40123f0
--- /dev/null
+++ b/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir_delete_files_and_dir.yml
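Review bot: `sourcetypes:` in ms_defender.yml lists only the generic `xmlwineventlog` and `wineventlog`, while the five files under `dataset:` clearly come from more than one channel (an Operational log plus two registry captures, judging by the names), so a reader cannot map any file to the sourcetype it must be replayed under; every other yml in this commit uses the fully qualified `XmlWinEventLog:<Channel>` form. I would name the channel per file, e.g. `- XmlWinEventLog:Microsoft-Windows-Windows Defender/Operational` for asr_defender_operational.log and the channel the registry logs were actually exported from, and say in `description` which ASR rule IDs were exercised in audit versus block mode. The two sourcetype entries are also indented deeper than every sibling list in the repo, which parses fine but is inconsistent.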
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: c14ca9f1-6b61-46b6-a39c-fbd9c2ab3745
+date: '2023-11-23'
+description: Generated datasets for rmdir delete files and dir in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir_sec.log b/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir_sec.log
new file mode 100644
index 00000000..146f5c7b
--- /dev/null
+++ b/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir_sec.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23add1ce31cc0ebb053f4211d3efb444c608901d6e647d0fdabf692077b2fa09
+size 1332
diff --git a/datasets/attack_techniques/T1112/AuthenticationLevelOverride/AuthenticationLevelOverride.yml b/datasets/attack_techniques/T1112/AuthenticationLevelOverride/AuthenticationLevelOverride.yml
new file mode 100644
index 00000000..71f8f222
--- /dev/null
+++ b/datasets/attack_techniques/T1112/AuthenticationLevelOverride/AuthenticationLevelOverride.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 4bfb4b66-673f-4f7e-863d-c812ee74d9a1
+date: '2023-11-23'
+description: Generated datasets for AuthenticationLevelOverride in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1112/AuthenticationLevelOverride/auth_sys.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
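Review bot: rmdir_delete_files_and_dir.yml references only rmdir.log, yet the same commit adds rmdir_sec.log in that directory, so the second capture is orphaned from the metadata and will not be picked up by anything that replays datasets from the yml. Add `- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070/rmdir_delete_files_and_dir/rmdir_sec.log` under `dataset:` and the matching channel under `sourcetypes:` (the `_sec` name suggests the Security log; verify before choosing the sourcetype string), or remove the file. The description should also record the actual `rmdir` command line used, since "delete files and dir" is all a detection author gets to go on.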
diff --git a/datasets/attack_techniques/T1112/AuthenticationLevelOverride/auth_sys.log b/datasets/attack_techniques/T1112/AuthenticationLevelOverride/auth_sys.log
new file mode 100644
index 00000000..6da9a9b9
--- /dev/null
+++ b/datasets/attack_techniques/T1112/AuthenticationLevelOverride/auth_sys.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3aaaed08919d925a553437a7ccce80c86c0962fa0c4e9b99ccba31db665ea9d5
+size 1147
diff --git a/datasets/attack_techniques/T1112/DisableRemoteDesktopAntiAlias/DisableRemoteDesktopAntiAlias.yml b/datasets/attack_techniques/T1112/DisableRemoteDesktopAntiAlias/DisableRemoteDesktopAntiAlias.yml
new file mode 100644
index 00000000..fc24ea95
--- /dev/null
+++ b/datasets/attack_techniques/T1112/DisableRemoteDesktopAntiAlias/DisableRemoteDesktopAntiAlias.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 73d455ee-a0fd-4caf-95dc-879345bc02fb
+date: '2023-11-23'
+description: Generated datasets for DisableRemoteDesktopAntiAlias in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1112/DisableRemoteDesktopAntiAlias/disable_remote_alias.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1112/DisableRemoteDesktopAntiAlias/disable_remote_alias.log b/datasets/attack_techniques/T1112/DisableRemoteDesktopAntiAlias/disable_remote_alias.log
new file mode 100644
index 00000000..32edb503
--- /dev/null
+++ b/datasets/attack_techniques/T1112/DisableRemoteDesktopAntiAlias/disable_remote_alias.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce56a4b9f2539d1748b65fb690287c4e5016cdf1abc8b64f066d4006b443c62a
+size 2199
diff --git a/datasets/attack_techniques/T1112/T1112.yml b/datasets/attack_techniques/T1112/T1112.yml
new file mode 100644
index 00000000..19b0fb17
--- /dev/null
+++ b/datasets/attack_techniques/T1112/T1112.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 8a7a0b10-2b72-46bc-9175-77563b02327d
+date: '2023-11-23'
+description: Generated datasets for T1112 in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1112/disablesecuritysetting.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1112/disablesecuritysetting.log b/datasets/attack_techniques/T1112/disablesecuritysetting.log
new file mode 100644
index 00000000..f87784a3
--- /dev/null
+++ b/datasets/attack_techniques/T1112/disablesecuritysetting.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e9aa847780498c1df7448295403311ae998787c953580bcc707e5fc50310ed8f
+size 7801
diff --git a/datasets/attack_techniques/T1112/proxy_enable/proxy_enable.yml b/datasets/attack_techniques/T1112/proxy_enable/proxy_enable.yml
new file mode 100644
index 00000000..9ec536fc
--- /dev/null
+++ b/datasets/attack_techniques/T1112/proxy_enable/proxy_enable.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 4bbe373a-c0b7-4ae7-8554-3708829195b9
+date: '2023-11-23'
+description: Generated datasets for proxy enable in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1112/proxy_enable/proxyenable.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
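Review bot: T1112.yml and its log disablesecuritysetting.log are dropped at the technique root with the generic `description: Generated datasets for T1112 in attack range.`, whereas every other dataset in this commit (proxy_enable/, wer_dontshowui/, AuthenticationLevelOverride/, ...) lives in a descriptive subfolder with its own yml. Nothing in the file name or description says which security setting was disabled, and a technique-named yml at the root is a collision point for the next T1112 dataset. I would move both files into `T1112/disable_security_setting/` (or a folder named after the actual registry value) and spell the setting out, e.g. `description: Sysmon registry events from disabling <setting> via the registry in attack range (DarkGate).`, filling in the real key path.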
diff --git a/datasets/attack_techniques/T1112/proxy_enable/proxyenable.log b/datasets/attack_techniques/T1112/proxy_enable/proxyenable.log
new file mode 100644
index 00000000..ed7123f0
--- /dev/null
+++ b/datasets/attack_techniques/T1112/proxy_enable/proxyenable.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:18c9218e3f1c382c414fdaf9ef218651bf5f672c17af742a8c009687625bd611
+size 12757
diff --git a/datasets/attack_techniques/T1112/proxy_server/ProxyServer_sys.log b/datasets/attack_techniques/T1112/proxy_server/ProxyServer_sys.log
new file mode 100644
index 00000000..5175ddd7
--- /dev/null
+++ b/datasets/attack_techniques/T1112/proxy_server/ProxyServer_sys.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d867fff9c62b862fae5cdc707f716b6db5019e02308cbd17a66c5c2f456d8aa0
+size 11692
diff --git a/datasets/attack_techniques/T1112/proxy_server/proxy_server.yml b/datasets/attack_techniques/T1112/proxy_server/proxy_server.yml
new file mode 100644
index 00000000..17097ce5
--- /dev/null
+++ b/datasets/attack_techniques/T1112/proxy_server/proxy_server.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 451d2d7d-c1a6-4c0b-a21f-7ddcad6a94a6
+date: '2023-11-23'
+description: Generated datasets for proxy server in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1112/proxy_server/ProxyServer_sys.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1112/wer_dontshowui/dontshowui_sys.log b/datasets/attack_techniques/T1112/wer_dontshowui/dontshowui_sys.log
new file mode 100644
index 00000000..4c7ba244
--- /dev/null
+++ b/datasets/attack_techniques/T1112/wer_dontshowui/dontshowui_sys.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e80d336729e1f1bdbb265d0250fc3a98f7b997950bddd66a7718fb1fdec08d76
+size 1139
diff --git a/datasets/attack_techniques/T1112/wer_dontshowui/wer_dontshowui.yml b/datasets/attack_techniques/T1112/wer_dontshowui/wer_dontshowui.yml
new file mode 100644
index 00000000..3c59c7c3
--- /dev/null
+++ b/datasets/attack_techniques/T1112/wer_dontshowui/wer_dontshowui.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 1eb6007a-e0e9-4524-a15a-431df16ee467
+date: '2023-11-23'
+description: Generated datasets for wer dontshowui in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1112/wer_dontshowui/dontshowui_sys.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1134/explorer_root_proc_cmdline/explorer_root.log b/datasets/attack_techniques/T1134/explorer_root_proc_cmdline/explorer_root.log
new file mode 100644
index 00000000..280c4c35
--- /dev/null
+++ b/datasets/attack_techniques/T1134/explorer_root_proc_cmdline/explorer_root.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b6f1c7b18782e541d89ee1937bfa1d1fb88aa4e4149e157de14680adf3966f76
+size 17956
diff --git a/datasets/attack_techniques/T1134/explorer_root_proc_cmdline/explorer_root_proc_cmdline.yml b/datasets/attack_techniques/T1134/explorer_root_proc_cmdline/explorer_root_proc_cmdline.yml
new file mode 100644
index 00000000..da591624
--- /dev/null
+++ b/datasets/attack_techniques/T1134/explorer_root_proc_cmdline/explorer_root_proc_cmdline.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: bb9ae7e1-db85-4c98-b73d-8711eda19bfb
+date: '2023-11-21'
+description: Generated datasets for explorer root proc cmdline in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1134/explorer_root_proc_cmdline/explorer_root.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://x.com/CyberRaiju/status/1273597319322058752?s=20
diff --git a/datasets/attack_techniques/T1185/o365_concurrent_sessions_from_different_ips/o365_concurrent_sessions_from_different_ips.log b/datasets/attack_techniques/T1185/o365_concurrent_sessions_from_different_ips/o365_concurrent_sessions_from_different_ips.log
new file mode 100644
index 00000000..7fc88be3
--- /dev/null
+++ b/datasets/attack_techniques/T1185/o365_concurrent_sessions_from_different_ips/o365_concurrent_sessions_from_different_ips.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c57fce846b29486a9a6ca1cecd2b7004bf4662ff171f6a63e8c3e02aa416bafd
+size 12749
diff --git a/datasets/attack_techniques/T1185/o365_concurrent_sessions_from_different_ips/o365_concurrent_sessions_from_different_ips.yml b/datasets/attack_techniques/T1185/o365_concurrent_sessions_from_different_ips/o365_concurrent_sessions_from_different_ips.yml
new file mode 100644
index 00000000..fdc2952e
--- /dev/null
+++ b/datasets/attack_techniques/T1185/o365_concurrent_sessions_from_different_ips/o365_concurrent_sessions_from_different_ips.yml
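Review bot: The only reference in explorer_root_proc_cmdline.yml is a social-media status URL, which is not a durable citation and gives no technique context for why an explorer.exe launched with `/root` on its command line is filed under T1134. I would add `- https://attack.mitre.org/techniques/T1134/` and an archived copy of the post (web.archive.org) alongside it, and say in `description` what command line was executed so the tweet is not the sole documentation of the behaviour.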
@@ -0,0 +1,14 @@
+author: Mauricio Velazco
+id: 892ce442-f2e8-4e4c-894e-cb068ffe1fee
+date: '2023-12-04'
+description: 'Used Evilnginx3 to phish an O365 user and steal session cookies. Then, imported the stolen session cookies into a different browser to access M365 resources from a different location and source ip.
+ Tenant specific details have been replaced in the dataset including tenant id, user names, ips, etc.'
+environment: O365
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1185/o365_concurrent_sessions_from_different_ips/o365_concurrent_sessions_from_different_ips.log
+sourcetypes:
+- o365:management:activity
+references:
+- https://attack.mitre.org/techniques/T1185/
+- https://github.com/kgretzky/evilginx2
+- https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/
diff --git a/datasets/attack_techniques/T1189/splunk/splunk_xss_in_highlighted_json_events_splunkd_ui_access.log b/datasets/attack_techniques/T1189/splunk/splunk_xss_in_highlighted_json_events_splunkd_ui_access.log
new file mode 100644
index 00000000..457abc00
--- /dev/null
+++ b/datasets/attack_techniques/T1189/splunk/splunk_xss_in_highlighted_json_events_splunkd_ui_access.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5ce09270517154d8af184e2d06fad001a2c766ff748a1e2a3806d9439dcaa9ca
+size 616
diff --git a/datasets/attack_techniques/T1190/confluence/confluence.yml b/datasets/attack_techniques/T1190/confluence/confluence.yml
index 6963ca5e..ea728df1 100644
--- a/datasets/attack_techniques/T1190/confluence/confluence.yml
+++ b/datasets/attack_techniques/T1190/confluence/confluence.yml
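Review bot: The description says `Evilnginx3` while both tool references point to the evilginx2 repository and the Evilginx 2 write-up, so the name is misspelled and the version is inconsistent with the citations. Use `Evilginx` consistently, e.g. `description: 'Used Evilginx to phish an O365 user and steal session cookies. ...'`, and if a 3.x build was really used add a reference for it. Since the log is only an LFS pointer here I cannot check the sanitization, but it would help detection authors to state in the description which fields were kept consistent across the two sessions (for instance whether the session identifier and the replaced `ClientIP` values are stable per session), because a concurrent-session detection keys on exactly those.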
@@ -7,6 +7,7 @@ dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1190/confluence/confluence_cve-2023-22515.log
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1190/confluence/confluence_vuln_trigger_cve-2023-22515.log
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1190/confluence/nginx_plus_kv_confluence.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1190/confluence/shellservlet.log
 sourcetypes:
 - suricata
 - nginx:plus:kv
diff --git a/datasets/attack_techniques/T1190/confluence/shellservlet.log b/datasets/attack_techniques/T1190/confluence/shellservlet.log
new file mode 100644
index 00000000..734302d0
--- /dev/null
+++ b/datasets/attack_techniques/T1190/confluence/shellservlet.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:11ea2be762847768f8eceaa4ae6de270b991809fab75638cdd9f19c2e2aa0762
+size 1522
diff --git a/datasets/attack_techniques/T1210/splunk/splunk_rce_via_user_xslt_splunkd_ui_access.log b/datasets/attack_techniques/T1210/splunk/splunk_rce_via_user_xslt_splunkd_ui_access.log
new file mode 100644
index 00000000..6252198a
--- /dev/null
+++ b/datasets/attack_techniques/T1210/splunk/splunk_rce_via_user_xslt_splunkd_ui_access.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3216367c0388a6810bcb5ef1f698ac9297b57434d12f5f2b178e336f9efd47be
+size 3559
diff --git a/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_create_credential_store.yml b/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_create_credential_store.yml
new file mode 100644
index 00000000..11d2d435
--- /dev/null
+++ b/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_create_credential_store.yml
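Review bot: The new `dataset:` entry for shellservlet.log has no matching addition under `sourcetypes:`, which in the visible context still lists only `suricata` and `nginx:plus:kv`; if shellservlet.log is a Confluence or Tomcat application/access log rather than Suricata or nginx output, it cannot be replayed from this yml without its sourcetype. Add the sourcetype it was ingested under beside the existing two, e.g. `- <confluence sourcetype>` under `sourcetypes:`, and consider noting in `description` that this file covers post-exploitation (a dropped servlet) rather than the CVE-2023-22515 trigger the other logs document. The `sourcetypes:` list continues past the end of the hunk, so this may already be handled further down the file.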
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 9ed3255e-c601-46bb-9159-6ccc4d89cef6
+date: '2023-11-23'
+description: Generated datasets for cmdkey create credential store in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_gen_sys.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_gen_sec.log b/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_gen_sec.log
new file mode 100644
index 00000000..a541a875
--- /dev/null
+++ b/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_gen_sec.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b86d4983f781b92d5dcf67f9903f186c92bd844fd28e88d4a30d088d82efdddc
+size 1363
diff --git a/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_gen_sys.log b/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_gen_sys.log
new file mode 100644
index 00000000..e1f6d184
--- /dev/null
+++ b/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_gen_sys.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c661870b0becbb508fdc16efd9f112161eeba966236fcfa4267b412f0854bde8
+size 2084
diff --git a/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_del_sec.log b/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_del_sec.log
new file mode 100644
index 00000000..cfcb783f
--- /dev/null
+++ b/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_del_sec.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d47e724917d3816da31434efb998eaaa06102ed931053ef1b47cda5e2952d9b5
+size 1317
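Review bot: cmdkey_create_credential_store.yml lists only cmdkey_gen_sys.log under `dataset:`, but cmdkey_gen_sec.log is added in the same directory by this commit and is referenced nowhere, so it is dead weight in LFS and invisible to anything that replays datasets from the yml. Add `- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1555/cmdkey_create_credential_store/cmdkey_gen_sec.log` under `dataset:` plus the corresponding channel under `sourcetypes:` (the `_sec` suffix suggests the Security log; confirm the exact sourcetype string the repo uses), or delete the file. The description would also be more useful if it quoted the `cmdkey /generic:... /user:... /pass:...` form that was executed, since that is what a detection on this data will match on.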
diff --git a/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_del_sys.log b/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_del_sys.log
new file mode 100644
index 00000000..61cb5043
--- /dev/null
+++ b/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_del_sys.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ffc7ce78b4f480507f25eb52c7009e8ed238fb96bc97740c01a33d23b1a29069
+size 1990
diff --git a/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_delete_credentials_store.yml b/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_delete_credentials_store.yml
new file mode 100644
index 00000000..095896b1
--- /dev/null
+++ b/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_delete_credentials_store.yml
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 9e430d87-b8f9-454c-9e8a-debc1e953bd1
+date: '2023-11-23'
+description: Generated datasets for cmdkey delete credentials store in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_del_sys.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1560.001/archive_utility_darkgate/archive_utility_darkgate.yml b/datasets/attack_techniques/T1560.001/archive_utility_darkgate/archive_utility_darkgate.yml
new file mode 100644
index 00000000..37a904a8
--- /dev/null
+++ b/datasets/attack_techniques/T1560.001/archive_utility_darkgate/archive_utility_darkgate.yml
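Review bot: cmdkey_delete_credentials_store.yml references only cmdkey_del_sys.log, while cmdkey_del_sec.log was added to the same directory earlier in this commit and is not listed, so the Security-side capture is orphaned from the metadata. Either add `- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1555/cmdkey_delete_credentials_store/cmdkey_del_sec.log` under `dataset:` with the matching channel under `sourcetypes:` (verify it really is the Security log before choosing the string), or remove the unreferenced file so the LFS store does not carry data nothing consumes.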
@@ -0,0 +1,11 @@
+author: Teoderick Contreras, Splunk
+id: 4d1a31eb-6242-4ac8-8ce2-ebdc47733449
+date: '2023-11-23'
+description: Generated datasets for archive utility darkgate in attack range.
+environment: attackrange
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1560.001/archive_utility_darkgate/rar_sys.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+references:
+- https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate
diff --git a/datasets/attack_techniques/T1560.001/archive_utility_darkgate/rar_sec.log b/datasets/attack_techniques/T1560.001/archive_utility_darkgate/rar_sec.log
new file mode 100644
index 00000000..942d3fe7
--- /dev/null
+++ b/datasets/attack_techniques/T1560.001/archive_utility_darkgate/rar_sec.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:74a8d53b83ff9402d302aa67df13ba3262e437f15d5f9e178d1761559b7b42a6
+size 1348
diff --git a/datasets/attack_techniques/T1560.001/archive_utility_darkgate/rar_sys.log b/datasets/attack_techniques/T1560.001/archive_utility_darkgate/rar_sys.log
new file mode 100644
index 00000000..316823e4
--- /dev/null
+++ b/datasets/attack_techniques/T1560.001/archive_utility_darkgate/rar_sys.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:36686da83c770cf5d310a6b2d1820db3bdcdd5d4fc6c0a343aee98ffc4574e67
+size 1917
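Review bot: archive_utility_darkgate.yml lists only rar_sys.log under `dataset:` even though rar_sec.log is added right after it in this commit, so the second capture is unreachable through the metadata. Add `- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1560.001/archive_utility_darkgate/rar_sec.log` under `dataset:` and the channel it came from under `sourcetypes:` (presumably the Security log given the `_sec` name; confirm), or drop the file. The description should also name the archiver and arguments actually executed (a `rar a ...` invocation, by the look of the file name), since "archive utility darkgate" does not tell a detection author what the Sysmon process events contain.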