diff --git a/datasets/attack_techniques/T1087.004/aws_invoke_model_access_denied/aws_invoke_model_access_denied.yml b/datasets/attack_techniques/T1087.004/aws_invoke_model_access_denied/aws_invoke_model_access_denied.yml
new file mode 100644
index 00000000..748a4cbc
--- /dev/null
+++ b/datasets/attack_techniques/T1087.004/aws_invoke_model_access_denied/aws_invoke_model_access_denied.yml
@@ -0,0 +1,11 @@
+author: Bhavin Patel
+id: c467c7d4-5b8d-44c8-9259-8847e1e4df7a
+date: '2024-03-07'
+description: This dataset is generated in a AWS Bedrock Lab Environment by simulating events using AWS API calls
+environment: NA
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1087.004/aws_invoke_model_access_denied/cloudtrail.json
+sourcetypes:
+- aws:cloudtrail
+references:
+- https://www.sumologic.com/blog/defenders-guide-to-aws-bedrock/
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1087.004/aws_invoke_model_access_denied/cloudtrail.json b/datasets/attack_techniques/T1087.004/aws_invoke_model_access_denied/cloudtrail.json
new file mode 100644
index 00000000..6bcd8dad
--- /dev/null
+++ b/datasets/attack_techniques/T1087.004/aws_invoke_model_access_denied/cloudtrail.json
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8da5f22e842c0c8cad3213028beffb8893e1de186ae07012c5b262390b98c112
+size 1509
diff --git a/datasets/attack_techniques/T1485/aws_delete_knowledge_base/aws_delete_knowledge_base.yml b/datasets/attack_techniques/T1485/aws_delete_knowledge_base/aws_delete_knowledge_base.yml
new file mode 100644
index 00000000..11c09d2e
--- /dev/null
+++ b/datasets/attack_techniques/T1485/aws_delete_knowledge_base/aws_delete_knowledge_base.yml
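Review bot: The `description` in aws_invoke_model_access_denied.yml never says what the CloudTrail data contains, so an analyst choosing this dataset for a detection test has only the directory name to go on. If cloudtrail.json holds denied Bedrock `InvokeModel` calls (the LFS content is not visible in this diff), wording such as `description: CloudTrail events for AWS Bedrock InvokeModel calls denied with AccessDenied, generated in a Bedrock lab environment via simulated API calls` would state it. The `date: '2024-03-07'` and `environment: NA` values also differ from the `'2025-04-10'` / `attack_range` values on the other four datasets in this commit and look carried over from a template. This file, aws_delete_knowledge_base.yml and aws_bedrock_delete_guardrails.yml all end without a trailing newline.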
@@ -0,0 +1,11 @@
+author: Bhavin Patel
+id: 984e9022-b87b-499a-a260-8d0282c46ea2
+date: '2025-04-10'
+description: Dataset generated from AWS CloudTrail logs capturing the activity of a malicious actor deleting a knowledge base from AWS Bedrock.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/aws_delete_knowledge_base/cloudtrail.json
+sourcetypes:
+- aws:cloudtrail
+references:
+- https://attack.mitre.org/techniques/T1485/
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1485/aws_delete_knowledge_base/cloudtrail.json b/datasets/attack_techniques/T1485/aws_delete_knowledge_base/cloudtrail.json
new file mode 100644
index 00000000..70b25dd2
--- /dev/null
+++ b/datasets/attack_techniques/T1485/aws_delete_knowledge_base/cloudtrail.json
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0074532dade6167059a8b32c6fc31cf16e545d2668686e5c636818b9c77742b5
+size 1415
diff --git a/datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/aws_bedrock_delete_guardrails.yml b/datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/aws_bedrock_delete_guardrails.yml
new file mode 100644
index 00000000..aadcf5a2
--- /dev/null
+++ b/datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/aws_bedrock_delete_guardrails.yml
@@ -0,0 +1,11 @@
+author: Bhavin Patel, Splunk
+id: cdd4205f-e570-42ee-add9-048f2ac48a62
+date: '2025-04-10'
+description: Dataset which contains cloudtrail events with a deletes of AWS Bedrock GuardRails
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/cloudtrail.json
+sourcetypes:
+- aws:cloudtrail
+references:
+- https://attack.mitre.org/techniques/T1562/008/
\ No newline at end of file
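Review bot: The `description` in aws_bedrock_delete_guardrails.yml reads `with a deletes of AWS Bedrock GuardRails`, which is ungrammatical and does not name the logged API call. Suggested wording: `description: Dataset containing CloudTrail events for the deletion of AWS Bedrock guardrails`, with the event name added if cloudtrail.json records `DeleteGuardrail` (not visible here, since that file is only an LFS pointer). Naming the event lets someone writing or reviewing a detection check its `eventName` filter against the dataset without downloading it.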
diff --git a/datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/cloudtrail.json b/datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/cloudtrail.json
new file mode 100644
index 00000000..a165e903
--- /dev/null
+++ b/datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/cloudtrail.json
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:593e72338b0aa503a829c75cd5393be3da83b5b98922905915351395e71ea05b
+size 1546
diff --git a/datasets/attack_techniques/T1562.008/aws_bedrock_delete_model_invocation_logging/aws_bedrock_delete_model_invocation_logging.yml b/datasets/attack_techniques/T1562.008/aws_bedrock_delete_model_invocation_logging/aws_bedrock_delete_model_invocation_logging.yml
new file mode 100644
index 00000000..d2bbe436
--- /dev/null
+++ b/datasets/attack_techniques/T1562.008/aws_bedrock_delete_model_invocation_logging/aws_bedrock_delete_model_invocation_logging.yml
@@ -0,0 +1,12 @@
+author: Bhavin Patel, Splunk
+id: 09f580b9-cbc0-4d90-8e26-7dd4584a5650
+date: '2025-04-10'
+description: Dataset which contains cloudtrail logs for aws delete model invocation logging
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.008/aws_bedrock_delete_model_invocation_logging/cloudtrail.json
+sourcetypes:
+- aws:cloudtrail
+references:
+- https://attack.mitre.org/techniques/T1562/008/
+- https://github.com/aquasecurity/cloudsploit
diff --git a/datasets/attack_techniques/T1562.008/aws_bedrock_delete_model_invocation_logging/cloudtrail.json b/datasets/attack_techniques/T1562.008/aws_bedrock_delete_model_invocation_logging/cloudtrail.json
new file mode 100644
index 00000000..7c66f8ea
--- /dev/null
+++ b/datasets/attack_techniques/T1562.008/aws_bedrock_delete_model_invocation_logging/cloudtrail.json
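Review bot: The `id: 09f580b9-cbc0-4d90-8e26-7dd4584a5650` in aws_bedrock_delete_model_invocation_logging.yml is reused verbatim by aws_bedrock_list_foundation_model_failures.yml under T1580 later in this commit, so two unrelated datasets share one identifier. Any tooling that indexes or deduplicates datasets by `id` (presumably the reason the field exists) would conflate the logging-deletion data with the model-enumeration data. One of the two files needs a freshly generated UUID, i.e. `id: <new-uuid-v4>`. A uniqueness check on `id` across `datasets/**/*.yml` in CI would catch this kind of copy-paste in future.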
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8866bb9fffc8ee5aa0251f38e3d622e3f77fb075400dd7ccd2a44eef93500db7
+size 1410
diff --git a/datasets/attack_techniques/T1580/aws_bedrock_list_foundation_model_failures/aws_bedrock_list_foundation_model_failures.yml b/datasets/attack_techniques/T1580/aws_bedrock_list_foundation_model_failures/aws_bedrock_list_foundation_model_failures.yml
new file mode 100644
index 00000000..76bb6abb
--- /dev/null
+++ b/datasets/attack_techniques/T1580/aws_bedrock_list_foundation_model_failures/aws_bedrock_list_foundation_model_failures.yml
@@ -0,0 +1,12 @@
+author: Bhavin Patel, Splunk
+id: 09f580b9-cbc0-4d90-8e26-7dd4584a5650
+date: '2025-04-10'
+description: Dataset which contains cloudtrail logs for aws invoke foundation model failures
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1580/aws_bedrock_list_foundation_model_failures/cloudtrail.json
+sourcetypes:
+- aws:cloudtrail
+references:
+- https://attack.mitre.org/techniques/T1580
+- https://github.com/aquasecurity/cloudsploit
diff --git a/datasets/attack_techniques/T1580/aws_bedrock_list_foundation_model_failures/cloudtrail.json b/datasets/attack_techniques/T1580/aws_bedrock_list_foundation_model_failures/cloudtrail.json
new file mode 100644
index 00000000..a23092aa
--- /dev/null
+++ b/datasets/attack_techniques/T1580/aws_bedrock_list_foundation_model_failures/cloudtrail.json
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9e9d2a8e6eb06cc322f9065556a374ee77fa43b659141de7c2e99473c60b40e3
+size 15851
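Review bot: The `description` in aws_bedrock_list_foundation_model_failures.yml says `aws invoke foundation model failures`, but the directory and file name say `list_foundation_model_failures` and the dataset sits under T1580, so the text appears to describe a different API call than the data. If cloudtrail.json holds failed `ListFoundationModels` calls (the LFS content is not visible here), `description: Dataset which contains cloudtrail logs for failed AWS Bedrock ListFoundationModels calls` would match. The second reference, `https://github.com/aquasecurity/cloudsploit`, points at a repository root and looks copied from the delete_model_invocation_logging file; linking the specific check or source it relates to, or dropping it, would make the provenance clearer.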