Merge pull request #1051 from splunk/add-oracle-b64

add oracle and pwsh b64

Author: nasbench

datasets/attack_techniques/T1027.010/manual_b64_decode_pwsh/manual_b64_decode_pwsh.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:578c02d29fd3b8eec51f9603dd5267636bad190d2c091aaf7f34b8c4e32f5e4c
+size 28882

datasets/attack_techniques/T1027.010/manual_b64_decode_pwsh/manual_b64_decode_pwsh.yml

@@ -0,0 +1,13 @@
+author: Nasreddine Bencherchali, Splunk
+id: 2d2d0452-1d37-4f73-8e58-c2f0c57de465
+date: '2025-10-23'
+description: Generated datasets covering the manual Base64 decoding using PowerShell.
+environment: attack_range
+directory: manual_b64_decode_pwsh
+mitre_technique:
+- T1027.010
+datasets:
+- name: nirsoft_file_bundle_created.log
+  path: /datasets/attack_techniques/T1027.010/manual_b64_decode_pwsh/manual_b64_decode_pwsh.log
+  sourcetype: XmlWinEventLog
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'

datasets/cisco_secure_firewall_threat_defense/oracle_e_business_suite/oracle_e_business_suite.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a9613ad58cdd000f352ea5caa7277095a8c12f6563e287e231105c65c16178f6
+size 18032

datasets/cisco_secure_firewall_threat_defense/oracle_e_business_suite/oracle_e_business_suite.yml

@@ -0,0 +1,13 @@
+author: Nasreddine Bencherchali, Splunk
+id: 57776d92-b6db-4bf1-9dd2-e81702059f8e
+date: '2025-10-23'
+description: Generated a fake dataset manually for snort triggers generated by an FTD covering the potential exploitation of Oracle E-Business Suite CVE-2025-61882 and CVE-2025-61884.
+environment: custom
+directory: oracle_e_business_suite
+mitre_technique:
+- T1190
+datasets:
+- name: nirsoft_file_bundle_created.log
+  path: /datasets/attack_techniques/T1027.010/oracle_e_business_suite/oracle_e_business_suite.log
+  sourcetype: cisco:sfw:estreamer
+  source: not_applicable