added data source for new technique of attack

Author: CheraghiMilad

datasets/attack_techniques/T1529/linux_sysrq_abuse/linux_sysrq_abuse.log.txt

@@ -0,0 +1,4 @@
+{"type": "PATH","msg": "audit(1747951721.229:634)","item": 1,"name": "/proc/sysrq-trigger","inode": 4026532271,"dev": "00:19","mode": "0100200","ouid": 0,"ogid": 0,"rdev": "00:00","nametype": "NORMAL","cap_fp": 0,"cap_fi": 0,"cap_fe": 0,"cap_fver": 0,"cap_frootid": 0,"OUID": "root","OGID": "root"}
+{"type": "PATH","msg": "audit(1747951721.494:677)","item": 1,"name": "/proc/sysrq-trigger","inode": 4026532271,"dev": "00:19","mode": "0100200","ouid": 0,"ogid": 0,"rdev": "00:00","nametype": "NORMAL","cap_fp": 0,"cap_fi": 0,"cap_fe": 0,"cap_fver": 0,"cap_frootid": 0,"OUID": "root","OGID": "root"}
+{"type": "PATH","msg": "audit(1747951721.234:699)","item": 1,"name": "/proc/sysrq-trigger","inode": 4026532271,"dev": "00:19","mode": "0100200","ouid": 0,"ogid": 0,"rdev": "00:00","nametype": "NORMAL","cap_fp": 0,"cap_fi": 0,"cap_fe": 0,"cap_fver": 0,"cap_frootid": 0,"OUID": "root","OGID": "root"}
+{"type": "PATH","msg": "audit(1747951721.546:712)","item": 1,"name": "/proc/sysrq-trigger","inode": 4026532271,"dev": "00:19","mode": "0100200","ouid": 0,"ogid": 0,"rdev": "00:00","nametype": "NORMAL","cap_fp": 0,"cap_fi": 0,"cap_fe": 0,"cap_fver": 0,"cap_frootid": 0,"OUID": "root","OGID": "root"}

datasets/attack_techniques/T1529/linux_sysrq_abuse/linux_sysrq_abuse.yml.txt

@@ -0,0 +1,13 @@
+author: Milad Cheraghi
+id: b4b1271b-4529-4f36-9edc-d70765eaa4c0
+date: '2025-08-28'
+description: 'Sample of Linux auditd events showing potential abuse of the Magic SysRq key to manipulate or destabilize the system.'
+environment: custom
+directory: linux_sysrq_abuse
+mitre_technique:
+  - T1529
+datasets:
+  - name: linux-auditd
+    path: /datasets/attack_techniques/T1529/linux_sysrq_abuse/linux_sysrq_abuse.log
+    sourcetype: auditd
+    source: auditd