Merge pull request #1062 from splunk/wsus

MHaggis · web-flow · commit ec7b71e22f52 · 2025-10-24T13:53:09.000-06:00
WSUS CVE-2025-59287
diff --git a/datasets/attack_techniques/T1505.003/T1505.003.yml b/datasets/attack_techniques/T1505.003/T1505.003.yml
@@ -1,6 +1,6 @@
 author: Michael Haag
 id: cc9b2609-efc9-11eb-926b-550bf0943fbb
-date: '2021-03-11'
+date: '2025-10-24'
 description: The following data was produced to emulate IIS, w3wp.exe, spawning shells,
   simulating web shell activity. In addition, behavior related to Microsoft Exchange
   Server's Unified Messaging services, umworkerprocess.exe and umservice.exe, spawning
@@ -28,3 +28,7 @@ datasets:
   path: /datasets/attack_techniques/T1505.003/moveit_windows-sysmon.log
   sourcetype: XmlWinEventLog
   source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- name: wsus-windows-sysmon
+  path: /datasets/attack_techniques/T1505.003/wsus-windows-sysmon.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1505.003/wsus-windows-sysmon.log b/datasets/attack_techniques/T1505.003/wsus-windows-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f9a4be69d25d2c39be02a4288f75780b4e34a80d3555a8900e4f7a3c977ec220
+size 13290

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:f9a4be69d25d2c39be02a4288f75780b4e34a80d3555a8900e4f7a3c977ec220`
	`3`	`+size 13290`