Merge branch 'master' into data_source_improvement

Author: Patrick Bareiss

datasets/attack_techniques/T1003.008/esxi_sensitive_files/esxi_sensitive_files.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:880d7e97db26dbccde3101f25416bf70b743238de17fe1c409c951a58baf2229
+size 1271

datasets/attack_techniques/T1003.008/esxi_sensitive_files/esxi_sensitive_files.yml

@@ -0,0 +1,11 @@
+author: Raven Tait, Splunk
+id: f4e7c8fc-c534-415b-9f99-9e9419096db5
+date: '2025-07-09'
+description: 'Sample of ESXi syslog events showing attempts to access sensitive files on the ESXi system.'
+environment: custom
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1003.008/esxi_sensitive_files/esxi_sensitive_files.log
+sourcetypes:
+- vmw-syslog
+references:
+- https://attack.mitre.org/techniques/T1003/008

datasets/attack_techniques/T1005/esxi_vm_download/esxi_vm_download.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a50666c61f331226509ef462349fc891e46caaad70b1767422aee048f664acef
+size 271

datasets/attack_techniques/T1005/esxi_vm_download/esxi_vm_download.yml

@@ -0,0 +1,11 @@
+author: Raven Tait, Splunk
+id: 6cbe3ac7-510d-49ab-983e-7ee504d6f386
+date: '2025-07-09'
+description: 'Sample of ESXi syslog events showing downloading of VMs from ESXi using remote tools."
+environment: custom
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1005/esxi_vm_download/esxi_vm_download.log
+sourcetypes:
+- vmw-syslog
+references:
+- https://attack.mitre.org/techniques/T1005

datasets/attack_techniques/T1014/medusa_rootkit/medusa.yml

@@ -0,0 +1,12 @@
+author: Raven Tait, Splunk
+id: 2481e83c-b888-4383-bc61-9d292f4e03ea
+date: '2025-08-05'
+description: Logs from usage of the Medusa rootkit on a Linux host.
+environment: custom
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1014/medusa_rootkit/sysmon_linux.log
+sourcetypes:
+- XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- Syslog:Linux-Sysmon/Operational
+references:
+- https://attack.mitre.org/techniques/T1014/

datasets/attack_techniques/T1014/medusa_rootkit/sysmon_linux.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:092f23c31aaa9c2f26d38c083255ade96bd953e0b5110443e9c1d39ae487bf63
+size 6275

datasets/attack_techniques/T1016/atomic_red_team/macos_net_discovery/macos_list_firewall_rules.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2b207c84b6b322daf28e27086831fcc0eb7090d1caa438f64c009fa5745de725
+size 8415

datasets/attack_techniques/T1016/atomic_red_team/macos_net_discovery/macos_net_discovery.yml

@@ -0,0 +1,12 @@
+author: Jamie Windley
+id: e0c0d5e5-8c29-4db3-9d27-d42f31c552f5
+date: '2025-08-15'
+description: Generated datasets for MacOS net discovery
+environment: vm
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1016/atomic_red_team/macos_net_discovery/macos_list_firewall_rules.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1016/atomic_red_team/macos_net_discovery/macos_network_discovery.log
+sourcetypes:
+- osquery:results
+references:
+- https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1016/T1016.md

datasets/attack_techniques/T1016/atomic_red_team/macos_net_discovery/macos_network_discovery.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b5687df76db37a6faf7a8509e88d0cd1820c23e64fff4d92a580d74bf9c996b0
+size 5022

datasets/attack_techniques/T1021.001/bmc_creation/bmc_creation.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02509f46c0827bf20cab033da354191ec78f76f78cee88ab469b800efa816089
+size 1092