Merge pull request #1000 from splunk/cisco_isovalent

patel-bhavin · web-flow · commit ccc25872a848 · 2025-08-21T08:55:15.000-07:00
Cisco Isovalent 1
diff --git a/datasets/cisco_isovalent/cisco_isovalent.log b/datasets/cisco_isovalent/cisco_isovalent.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a3b686ab456637b24d559663913862b9962c7a3ccbc0f64d8a53010f9a59ecb2
+size 15566
diff --git a/datasets/cisco_isovalent/cisco_isovalent.yml b/datasets/cisco_isovalent/cisco_isovalent.yml
@@ -0,0 +1,14 @@
+author: Bhavin Patel, Splunk
+id: 1fc537db-5e0b-4a2e-a768-27e08eff0c70
+date: '2025-08-15'
+description: |
+ Generated datasets for Cisco Isovalent Process Exec EventType. Contains simulations for the following detections:
+  * Cisco Isovalent - Detect Shell Execution
+  * Cisco Isovalent - Curl Execution With Insecure Flags
+environment: manual simulations in a K8s cluster running Tetragon
+mitre_technique: []
+datasets:
+- name: cisco_isovalent
+  path: /datasets/cisco_isovalent/cisco_isovalent.log
+  sourcetype: cisco:isovalent
+  source: cisco_isovalent

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:a3b686ab456637b24d559663913862b9962c7a3ccbc0f64d8a53010f9a59ecb2`
	`3`	`+size 15566`