updating attack data yaml

patel-bhavin · patel-bhavin · commit bb267d6db2e2 · 2025-08-19T14:04:58.000-07:00
diff --git a/datasets/cisco_isovalent/cisco_isovalent.yml b/datasets/cisco_isovalent/cisco_isovalent.yml
@@ -4,11 +4,10 @@ date: '2025-08-15'
 description: Generated datasets for Cisco Isovalent Process Exec EventType. Contains simulations for the following detections:
   * Cisco Isovalent - Detect Shell Execution
   * Cisco Isovalent - Curl Execution With Insecure Flags
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/cisco_isovalent/cisco_isovalent.log
-sourcetypes:
-- cisco:isovalent
-references:
-- https://docs.isovalent.com/operations-guide/tetragon/installation/helm.html
-- https://docs.isovalent.com/user-guide/sec-ops-visibility/index.html
-- https://isovalent.com/blog/post/isovalent-splunk-better-together/
+environment: manual simulations in a K8s cluster running Tetragon
+mitre_technique: []
+datasets:
+- name: cisco_isovalent
+  path: /datasets/cisco_isovalent/cisco_isovalent.log
+  sourcetype: cisco:isovalent
+  source: cisco_isovalent
