Process_Connect events (#1074)

patel-bhavin · web-flow · commit ff5b2526e660 · 2025-11-04T15:57:49.000-08:00
* adding new dataset

* access metadata service

* updating yaml
diff --git a/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/isovalent_cloud_metadata.yml b/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/isovalent_cloud_metadata.yml
@@ -0,0 +1,13 @@
+author: Bhavin Patel, Splunk
+id: 04085959-2f4e-4804-bebc-64daff81d0c4
+date: '2025-10-28'
+description: This data is created in a K8s cluster running Tetragon and Cisco Isovalent Runtime Security to simulate accessing cloud metadata service.
+environment: not_applicable
+directory: isovalent_cloud_metadata
+mitre_technique:
+- T1552.005
+datasets:
+- name: process_connect
+  path: /datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/process_connect.log
+  sourcetype: cisco:isovalent:processConnect
+  source: not_applicable
diff --git a/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/process_connect.log b/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/process_connect.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d8de75328fd801d6516463f94b0bfd818b7ae731d97ced08feac0a7ecd628403
+size 15752

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:d8de75328fd801d6516463f94b0bfd818b7ae731d97ced08feac0a7ecd628403`
	`3`	`+size 15752`