Merge pull request #917 from splunk/asl_new_datasets
updated cloudtrail asl datasets
P4T12ICK authored Dec 12, 2024
2 parents 41868f9 + 86c08ae commit 9d543dd
Showing 6 changed files with 14 additions and 0 deletions.
Git LFS file not shown
Expand Up @@ -6,6 +6,7 @@ description: This search looks for CloudTrail events where a user created a poli
environment: Cloud Attack Range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1078/aws_create_policy_version/aws_cloudtrail_events.json
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1078/aws_create_policy_version/asl_ocsf_cloudtrail.json
sourcetypes:
- aws:cloudtrail
references:
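Review bot: sourcetypes still lists only `- aws:cloudtrail` after the asl_ocsf_cloudtrail.json URL is added to the dataset list, so the new ASL/OCSF file has no matching sourcetype in this manifest. The other manifest changed in this commit lists `- aws:asl` next to `- aws:cloudtrail`; if the OCSF file is meant to be replayed under that sourcetype, add the same entry here, otherwise state which sourcetype a consumer should use for it.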
Git LFS file not shown
Expand Up @@ -9,6 +9,7 @@ environment: Cloud Attack Range
dataset:
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1078/aws_createaccesskey/aws_cloudtrail_events.json
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1078/amazon_security_lake.json
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1078/asl_ocsf_cloudtrail.json
sourcetypes:
- aws:cloudtrail
- aws:asl
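Review bot: the asl_ocsf_cloudtrail.json URL in the dataset list points at the T1078/ root, while the CloudTrail file for the same detection sits under T1078/aws_createaccesskey/. A generically named file at the technique root does not say which scenario it captures and is easy to overwrite when another T1078 dataset gets an OCSF export; consider placing it under aws_createaccesskey/, the way the aws_create_policy_version manifest keeps its copy in its own directory. Also confirm whether amazon_security_lake.json is still needed or is superseded by the new file, since both remain listed.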
Git LFS file not shown
Git LFS file not shown