update secure endpoint dataset

splunk · Jan 14, 2025 · f50b47b · f50b47b
1 parent 5b2216f
commit f50b47b
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/..._techniques/T1562.001/cisco_secure_endpoint_tampering/cisco_secure_endpoint_tampering.yml b/..._techniques/T1562.001/cisco_secure_endpoint_tampering/cisco_secure_endpoint_tampering.yml
@@ -1,10 +1,11 @@
 author: Nasreddine Bencherchali, Splunk
 id: 98e9387e-4aab-4e59-8e17-2a33b74a8d69
 date: '2025-01-08'
-description: Generated dataset for abusing the sfc.exe binary in order to tamper with Cisco Secure Endpoint.
+description: Generated dataset for abusing Cisco Secure Endpoint "sfc.exe" binary in order to tamper with Cisco Secure Endpoint services and features as well a dataset for tampering with Secure Endpoint services.
 environment: attack_range
 dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/sfc_tampering.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/service_stop.log
 sourcetypes:
 - XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
 references:

diff --git a/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/service_stop.log b/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/service_stop.log