Merge pull request #922 from nterl0k/nterl0k-t1595-generic-scanning

patel-bhavin · web-flow · commit f2bbebdb71a0 · 2025-01-03T11:36:57.000-08:00
nterl0k - T1595 - Generic Scanning Behavior
diff --git a/datasets/attack_techniques/T1595/sysmon_scanning_events/sysmon_scanning_events.log b/datasets/attack_techniques/T1595/sysmon_scanning_events/sysmon_scanning_events.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40a7d79315b446abe7d9d81a1f7d26a7c55006b623fe420b2dc78954424a2d79
+size 92180
diff --git a/datasets/attack_techniques/T1595/sysmon_scanning_events/sysmon_scanning_events.yml b/datasets/attack_techniques/T1595/sysmon_scanning_events/sysmon_scanning_events.yml
@@ -0,0 +1,11 @@
+author: Steven Dick
+id: 981a2657-3ed0-46e9-b9f4-8a59a6442cb3
+date: '2024-12-26'
+description: 'A set of events related generic powershell/sysmon network enumeration.'
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1595/sysmon_scanning_events/sysmon_scanning_events.log
+sourcetypes:
+- XmlWinEventLog
+references:
+- https://attack.mitre.org/techniques/T1595

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:40a7d79315b446abe7d9d81a1f7d26a7c55006b623fe420b2dc78954424a2d79`
	`3`	`+size 92180`