Merge pull request #1058 from splunk/update-pipe-to-exec

nasbench · web-flow · commit d032d32f19f0 · 2025-10-24T14:14:17.000+02:00
add lnx dataset for pipe to exec
diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.yml
@@ -3,11 +3,15 @@ id: f25b05ae-99d7-4f67-917d-5db3d219fcbb
 date: '2025-10-17'
 description: Dataset generated in attack range for the attack technique of download to pipe execution.
 environment: attack_range
-directory: atomic_red_team
+directory: download_to_pipe_exec
 mitre_technique:
 - T1105
 datasets:
-- name: windows-sysmon_curl_upload
+- name: download_to_pipe_exec
   path: /datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec.log
   sourcetype: XmlWinEventLog
   source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- name: download_to_pipe_exec_linux
+  path: /datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec_linux.log
+  sourcetype: sysmon:linux
+  source: Syslog:Linux-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec_linux.log b/datasets/attack_techniques/T1105/download_to_pipe_exec/download_to_pipe_exec_linux.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c629b51765f290038bef423acf717960cc3da6bf3e4d40d406627854335be7a
+size 1554

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:9c629b51765f290038bef423acf717960cc3da6bf3e4d40d406627854335be7a`
	`3`	`+size 1554`