From 139dcf9cfe218668b21ac5e6eb01040d29eabed4 Mon Sep 17 00:00:00 2001
From: nasbench
Date: Fri, 9 Jan 2026 02:19:08 +0100
Subject: [PATCH 1/2] add faked snort data
---
 .../intrusion_event/intrusion_events.log | 4 ++--
 .../SaltTyphoon/salttyphoon_correlation.log | 0
 .../SaltTyphoon/salttyphoon_correlation.yml | 13 +++++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log
 create mode 100644 datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
diff --git a/datasets/cisco_secure_firewall_threat_defense/intrusion_event/intrusion_events.log b/datasets/cisco_secure_firewall_threat_defense/intrusion_event/intrusion_events.log
index 97cc035be..c35177b3b 100644
--- a/datasets/cisco_secure_firewall_threat_defense/intrusion_event/intrusion_events.log
+++ b/datasets/cisco_secure_firewall_threat_defense/intrusion_event/intrusion_events.log
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2b60073787945069e3589037b1b337468f40beb60adcbfe8d900d7fd97827630
-size 1260867
+oid sha256:fbb3f751fe1eba2da9fb5214ca14e86d9e9bd3f9976e67c3ffe3874ffc2e5a8b
+size 1278440
diff --git a/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log
new file mode 100644
index 000000000..e69de29bb
diff --git a/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
new file mode 100644
index 000000000..638a27a34
--- /dev/null
+++ b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
@@ -0,0 +1,13 @@
+author: Nasreddine Bencherchali, Splunk
+id: d403fecb-720c-48fb-9d1a-5671f0195513
+date: '2026-01-08'
+description: Generated datasets for Cisco IOS switch exploitation. Correlating Cisco Secure Firewall logs with Cisco IOS logs to detect SaltTyphoon activities.
+environment: NA
+directory: react2shell
+mitre_technique:
+- T1021.004
+datasets:
+- name: react2shell_linux
+ path: /datasets/react2shell/react2shell_linux.log
+ sourcetype: stash
+ source: not_applicable
From be90ed65b0268ad52b578a23b751d27d2acc5c3b Mon Sep 17 00:00:00 2001
From: nasbench
Date: Fri, 9 Jan 2026 02:21:52 +0100
Subject: [PATCH 2/2] fix metadata
---
 .../SaltTyphoon/salttyphoon_correlation.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
index 638a27a34..a27050af4 100644
--- a/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
+++ b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
@@ -3,11 +3,11 @@ id: d403fecb-720c-48fb-9d1a-5671f0195513
 date: '2026-01-08'
 description: Generated datasets for Cisco IOS switch exploitation. Correlating Cisco Secure Firewall logs with Cisco IOS logs to detect SaltTyphoon activities.
 environment: NA
-directory: react2shell
+directory: SaltTyphoon
 mitre_technique:
 - T1021.004
 datasets:
-- name: react2shell_linux
- path: /datasets/react2shell/react2shell_linux.log
+- name: salttyphoon_correlation
+ path: /datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log
 sourcetype: stash
 source: not_applicable
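Review bot: The `mitre_technique` list added here tags only `T1021.004` (Remote Services: SSH), while the `description` on the line above it frames the dataset as Cisco IOS switch exploitation correlated with Secure Firewall events; the two do not obviously agree, and neither patch in this series revisits the mapping. If the stash log is meant to exercise the exploitation step, the corresponding technique is missing from the list and detections keyed on this metadata will not be associated with it; if SSH access after compromise is the only behaviour present, a short comment next to the entry, e.g. `# only the post-exploitation SSH access is present in the log; the IOS exploit itself is not captured`, would make that deliberate and stop the next contributor from "fixing" it. `environment: NA` reads as a placeholder — worth confirming it is the value the dataset tooling expects rather than an unset field.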
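Review bot: The corrected `path` now points at `/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log`, but the first patch in this series adds that file with `index 000000000..e69de29bb` and no hunk, i.e. a zero-byte blob, so the dataset entry references an empty log. The neighbouring `intrusion_events.log` is stored as a Git LFS pointer, which suggests the stash content was presumably meant to be added through LFS and did not make it into the commit; the metadata should only land once the referenced log actually carries the correlated events (or the entry should be dropped until it does). The `description` also speaks of correlating two sources, yet a single `stash` dataset with `source: not_applicable` is listed, so a comment such as `# single stash file holding both the Secure Firewall and the IOS events` would clarify the intended layout if that is the design.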