Commit 739e30b

Merge pull request #1032 from splunk/isovalent_1
Escaping host dataset and other Linux dataset
2 parents 6abeddf + 265da86 commit 739e30b

5 files changed

+25
-5
lines changed

datasets/attack_techniques/T1611/cisco_isovalent_k8_escape/cisco_isovalent.log

Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
author: Bhavin Patel, Splunk
2+
id: b5484a09-fc58-4817-9d42-cdbb2691147b
3+
date: '2025-10-01'
4+
description: |
5+
Generated datasets for Cisco Isovalent Process Exec EventType. Contains simulations for the escaping from host.
6+
environment: manual simulations in a K8s cluster running Tetragon
7+
directory: cisco_isovalent_k8_escape
8+
mitre_technique:
9+
- T1611
10+
datasets:
11+
- name: cisco_isovalent
12+
path: /datasets/attack_techniques/T1611/cisco_isovalent_k8_escape/cisco_isovalent.log
13+
sourcetype: cisco:isovalent
14+
source: cisco_isovalent
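Review bot: The description line "Contains simulations for the escaping from host." reads inverted for T1611, which is MITRE ATT&CK "Escape to Host" (a container-to-host escape); suggest "Contains simulations of container escape to the host (T1611)." so the dataset text matches the technique it is tagged with. Two consistency points in the same hunk: the dataset is declared as `- name: cisco_isovalent`, which is the same name already used by the dataset in datasets/cisco_isovalent/cisco_isovalent.yml, so anything that keys on dataset name will collide; a distinct name such as the directory name would be safer. And the description says "Process Exec EventType" while the sourcetype is `cisco:isovalent` rather than the `cisco:isovalent:processExec` used for the process-exec data in the other manifest; confirm which one the T1611 log actually carries.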
Lines changed: 2 additions & 2 deletions
@@ -1,3 +1,3 @@
11
version https://git-lfs.github.com/spec/v1
2-
oid sha256:394615d79fe94d4cbb71865f3753f8841e939f5d0575107e4729d49babb11834
3-
size 176662
2+
oid sha256:2cb7e1ad95df218a8823f7f7d517be3f57ee067716c7efb35edc9bb0e1fa7914
3+
size 187448

datasets/cisco_isovalent/cisco_isovalent.yml

Lines changed: 6 additions & 3 deletions
@@ -2,10 +2,9 @@ author: Bhavin Patel, Splunk
22
id: 1fc537db-5e0b-4a2e-a768-27e08eff0c70
33
date: '2025-08-15'
44
description: |
5-
Generated datasets for Cisco Isovalent Process Exec EventType. Contains simulations for the following detections:
6-
* Cisco Isovalent - Detect Shell Execution
7-
* Cisco Isovalent - Curl Execution With Insecure Flags
5+
Generated datasets for Cisco Isovalent Process Exec EventType by manual /atomic-red team simulations in a K8s cluster running Tetragon
86
environment: manual simulations in a K8s cluster running Tetragon
7+
directory: cisco_isovalent
98
mitre_technique: []
109
datasets:
1110
- name: cisco_isovalent
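Review bot: Replacing the bulleted list of detections with a single sentence drops the only mapping from this dataset to the detections it was generated for ("Cisco Isovalent - Detect Shell Execution", "Cisco Isovalent - Curl Execution With Insecure Flags"); if the list is being retired because a new dataset (kprobe_spike) no longer fits it, consider keeping the bullets and adding one for the new data rather than removing them. The new description text also has a stray separator and no terminal period ("by manual /atomic-red team simulations"); suggest "by manual and Atomic Red Team simulations in a K8s cluster running Tetragon." The added `directory: cisco_isovalent` key is consistent with the `directory:` key in the new T1611 manifest, which is good.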
@@ -15,4 +14,8 @@ datasets:
1514
- name: delayed_shell
1615
path: /datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log
1716
sourcetype: cisco:isovalent:processExec
17+
source: cisco_isovalent
18+
- name: kprobe_spike
19+
path: /datasets/cisco_isovalent/kprobe_spike.log
20+
sourcetype: cisco:isovalent
1821
source: cisco_isovalent
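Review bot: The new `kprobe_spike` entry uses `sourcetype: cisco:isovalent` while the neighbouring `delayed_shell` entry in the same file uses `cisco:isovalent:processExec`; if kprobe events are intentionally a different event type from process-exec events this is fine, but the description above says the file contains "Process Exec EventType" data, so either the description or the sourcetype should say which it is. Note also that `mitre_technique: []` is left empty even though a spike in kprobe events is the kind of behaviour a detection would map to a technique; if one applies, add it here as the T1611 manifest in this PR does.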
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:d10d308e5840fae4cf7a7f720d7f7c0cb6a5aa41f7962c4fbdac1ba0df246a0e
3+
size 50652
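Review bot: The rendered page does not show the path of this new Git LFS pointer; the only new log path declared in this PR is `path: /datasets/cisco_isovalent/kprobe_spike.log` in cisco_isovalent.yml, so confirm this pointer is committed at exactly that path, since a manifest path that does not resolve to the LFS object will fail silently when the dataset is loaded. As with the other pointer in this PR, the log contents themselves are not reviewable here; the 50652-byte size is the only check available.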
