Merge pull request #1112 from splunk/http_user_agents

RavenTait · web-flow · commit fa62f0851069 · 2025-12-18T12:35:18.000-05:00
Add more user agent data
diff --git a/datasets/attack_techniques/T1071.001/http_user_agents/http_user_agents.yml b/datasets/attack_techniques/T1071.001/http_user_agents/http_user_agents.yml
@@ -1,7 +1,7 @@
 author: Raven Tait, Splunk
 id: fdc85d57-acaf-4552-a363-1fd59a447f33
 date: '2023-12-16'
-description: Attack data related to various web request user agents
+description: Attack data related to various http user agents
 environment: attack_range
 directory: http_user_agents
 mitre_technique:
@@ -11,3 +11,15 @@ datasets:
   path: /datasets/attack_techniques/T1071.001/http_user_agents/suricata_c2.log
   sourcetype: suricata
   source: suricata
+- name: suricata_malware
+  path: /datasets/attack_techniques/T1071.001/http_user_agents/suricata_malware.log
+  sourcetype: suricata
+  source: suricata
+- name: suricata_pua
+  path: /datasets/attack_techniques/T1071.001/http_user_agents/suricata_pua.log
+  sourcetype: suricata
+  source: suricata
+- name: suricata_rmm
+  path: /datasets/attack_techniques/T1071.001/http_user_agents/suricata_rmm.log
+  sourcetype: suricata
+  source: suricata
diff --git a/datasets/attack_techniques/T1071.001/http_user_agents/suricata_malware.log b/datasets/attack_techniques/T1071.001/http_user_agents/suricata_malware.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f8c6eeb09893ec58228f9578a61b4e6f0b36277420b58f7c8a36c7ea4c01e79
+size 7222
diff --git a/datasets/attack_techniques/T1071.001/http_user_agents/suricata_pua.log b/datasets/attack_techniques/T1071.001/http_user_agents/suricata_pua.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a4e6904a2ad806985f244c1583cd4ffc50cc7198a744adcdde16f707ecab0305
+size 3214
diff --git a/datasets/attack_techniques/T1071.001/http_user_agents/suricata_rmm.log b/datasets/attack_techniques/T1071.001/http_user_agents/suricata_rmm.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4faeaab2d5031c7186bdccfe857a3c3f1c22da66ca36438ba58e86a2e646b21f
+size 3633

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:2f8c6eeb09893ec58228f9578a61b4e6f0b36277420b58f7c8a36c7ea4c01e79`
	`3`	`+size 7222`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:a4e6904a2ad806985f244c1583cd4ffc50cc7198a744adcdde16f707ecab0305`
	`3`	`+size 3214`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:4faeaab2d5031c7186bdccfe857a3c3f1c22da66ca36438ba58e86a2e646b21f`
	`3`	`+size 3633`