Merge pull request #1067 from splunk/wsus-sa

More WSUS data

Author: RavenTait

datasets/attack_techniques/T1505.003/T1505.003.yml

@@ -1,6 +1,6 @@
 author: Michael Haag
 id: cc9b2609-efc9-11eb-926b-550bf0943fbb
-date: '2025-10-24'
+date: '2025-10-28'
 description: The following data was produced to emulate IIS, w3wp.exe, spawning shells,
   simulating web shell activity. In addition, behavior related to Microsoft Exchange
   Server's Unified Messaging services, umworkerprocess.exe and umservice.exe, spawning
@@ -32,3 +32,15 @@ datasets:
   path: /datasets/attack_techniques/T1505.003/wsus-windows-sysmon.log
   sourcetype: XmlWinEventLog
   source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- name: wsus-sa-windows-sysmon
+  path: /datasets/attack_techniques/T1505.003/wsus-sa-windows-sysmon.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- name: wsus-iis
+  path: /datasets/attack_techniques/T1505.003/wsus-iis.log
+  sourcetype: iis
+  source: iis
+- name: wsus-suricata
+  path: /datasets/attack_techniques/T1505.003/wsus-suricata.log
+  sourcetype: suricata
+  source: suricata

datasets/attack_techniques/T1505.003/suricata.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e5a3b0efb827df055104d0ddfa7660b8699a9713db37f27338a474838b19ed27
+size 18198

datasets/attack_techniques/T1505.003/wsus-iis.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd395beee7b6a091bf557930ee9b69103601ba0b7a04c6a27f82131402d88712
+size 20559

datasets/attack_techniques/T1505.003/wsus-sa-windows-sysmon.log

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3fb605825f6598cbcde1f339cc2f9eebafee494525d133377733f16791d04aa0
+size 5499