Merge pull request #1025 from splunk/expand

MHaggis · web-flow · commit ae0c2231a84d · 2025-09-19T09:14:01.000-06:00
Expand Sysmon
diff --git a/datasets/attack_techniques/T1140/atomic_red_team/atomic_red_team.yml b/datasets/attack_techniques/T1140/atomic_red_team/atomic_red_team.yml
@@ -8,7 +8,11 @@ directory: atomic_red_team
 mitre_technique:
 - T1140
 datasets:
-- name: windows-sysmon
-  path: /datasets/attack_techniques/T1140/atomic_red_team/windows-sysmon.log
-  sourcetype: XmlWinEventLog
-  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+  - name: windows-sysmon
+    path: /datasets/attack_techniques/T1140/atomic_red_team/windows-sysmon.log
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+  - name: expand_windows-sysmon
+    path: /datasets/attack_techniques/T1140/atomic_red_team/expand_windows-sysmon.log
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1140/atomic_red_team/expand_windows-sysmon.log b/datasets/attack_techniques/T1140/atomic_red_team/expand_windows-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:183204efd8001f652380ba1ae77789782e5934b1e5ffc7c079bb346bbb049342
+size 31869

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:183204efd8001f652380ba1ae77789782e5934b1e5ffc7c079bb346bbb049342`
	`3`	`+size 31869`