Merge pull request #1031 from splunk/lokibot

tccontre · web-flow · commit 6abeddf0c1f3 · 2025-10-01T13:37:31.000+02:00
lokibot
diff --git a/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57edefcbfadbe1954fa2867cbf5ad761e0f1a16097f9926d95c515358bc29f44
+size 8696
diff --git a/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 489169c0-9ea7-11f0-ba06-629be353806a
+date: '2025-10-01'
+description: Generated datasets for vbc dnsquery in attack range.
+environment: attack_range
+directory: vbc_dnsquery
+mitre_technique:
+- T1071.004
+datasets:
+- name: vbc_dns_query.log
+  path: /datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
diff --git a/datasets/m365_copilot/m365_copilot.yml b/datasets/m365_copilot/m365_copilot.yml
@@ -3,6 +3,8 @@ id: 0bf90131-c582-4976-85b8-711d2c2c1926
 date: '2025-09-25'
 description: |
  Logs from M365 Copilot Access Logs via Splunk Add-on for M365 and Exported Logs from eDsicovery Purview. Contains actual access logs and jailbreak attacks. 
+environment: attack_range
+directory: m365_copilot
 mitre_technique: []
 datasets:
 - name: m365_access_logs

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:57edefcbfadbe1954fa2867cbf5ad761e0f1a16097f9926d95c515358bc29f44`
	`3`	`+size 8696`