diff --git a/datasets/cisco_secure_firewall_threat_defense/intrusion_event/intrusion_events.log b/datasets/cisco_secure_firewall_threat_defense/intrusion_event/intrusion_events.log
index 97cc035b..c35177b3 100644
--- a/datasets/cisco_secure_firewall_threat_defense/intrusion_event/intrusion_events.log
+++ b/datasets/cisco_secure_firewall_threat_defense/intrusion_event/intrusion_events.log
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:2b60073787945069e3589037b1b337468f40beb60adcbfe8d900d7fd97827630
-size 1260867
+oid sha256:fbb3f751fe1eba2da9fb5214ca14e86d9e9bd3f9976e67c3ffe3874ffc2e5a8b
+size 1278440
diff --git a/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log
new file mode 100644
index 00000000..4a577b25
--- /dev/null
+++ b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02431125a76164dc9198769e4257c1d038c6c85b4943e7d0a56c6492cab61ace
+size 310696
diff --git a/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
new file mode 100644
index 00000000..a27050af
--- /dev/null
+++ b/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
@@ -0,0 +1,13 @@
+author: Nasreddine Bencherchali, Splunk
+id: d403fecb-720c-48fb-9d1a-5671f0195513
+date: '2026-01-08'
+description: Generated datasets for Cisco IOS switch exploitation. Correlating Cisco Secure Firewall logs with Cisco IOS logs to detect SaltTyphoon activities.
+environment: NA
+directory: SaltTyphoon
+mitre_technique:
+- T1021.004
+datasets:
+- name: salttyphoon_correlation
+ path: /datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log
+ sourcetype: stash
+ source: not_applicable
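Review bot: In the new `salttyphoon_correlation.yml`, the `description` says the data correlates Cisco Secure Firewall logs with Cisco IOS logs, but the only dataset entry is `sourcetype: stash` with `source: not_applicable`, so the file does not say what kind of events the log holds. Someone replaying it to validate a correlation search cannot tell from this file which original sourcetypes the events were derived from, or whether the raw firewall and IOS events are included at all. If the log holds already-summarised events rather than raw device logs, say so in the description, for example `description: Generated summary events (sourcetype stash) derived from Cisco Secure Firewall and Cisco IOS logs, for testing SaltTyphoon correlation detections on Cisco IOS switch exploitation.` With `environment: NA`, it would also help to state whether the events are synthetic or lab-captured, because that affects how far detection thresholds tuned on them can be trusted.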