updates

Author: Patrick Bareiss

.github/VALIDATION_WORKFLOWS.md

@@ -110,12 +110,6 @@ jobs:
           1. Review the [failed workflow run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})
           2. Fix the validation errors
           3. Create a hotfix PR to resolve the issues
-          
-          **Files that may be affected:**
-          - datasets/**/*.yml
-          - datasets/**/*.yaml
-          - bin/validate.py
-          - bin/dataset_schema.json
           `;
           
           await github.rest.issues.create({

.github/validate_dataset_ymls.py

@@ -1,16 +1,13 @@
-# Template for creating dataset.yml
-author: Patrick Bareiss
-description: Credential Dumping attempt via LSASS, specifically those launched
-  by Atomic Red Team using Windows Credential Editor, ProcDump, comsvcs.dll,
-  direct system calls and API unhooking, Windows Task Manager, Mimikatz and finally pypykatz.
+author: Author Name
+id: cc9b25d6-efc9-11eb-926b-550bf0943fbb
+date: '2022-01-12'
+description: 'Describe the dataset and what techniques/tests were executed here'
 environment: attack_range
-technique: T1003.001
-dataset:
-  - https://attack-range-attack-data.s3-us-west-2.amazonaws.com/T1003.001/attack_data.json
-  - https://attack-range-attack-data.s3-us-west-2.amazonaws.com/T1003.001/attack_data.tar.gz
-references:
-  - https://attack.mitre.org/techniques/T1003/001/
-  - https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1003.001/T1003.001.md
-  - https://github.com/splunk/security-content/blob/develop/tests/T1003_001.yml
-sourcetypes: 'Microsoft-Windows-Sysmon/Operational'
-date: '2020-07-21'
+directory: your_directory_name
+mitre_technique:
+- T1XXX.XXX
+datasets:
+- name: dataset_name
+  path: /datasets/attack_techniques/T1XXX.XXX/directory/dataset_file.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational