diff --git a/datasets/attack_techniques/T1195.001/npm/npm_supply_chain.yml b/datasets/attack_techniques/T1195.001/npm/npm_supply_chain.yml
new file mode 100644
index 00000000..6988d808
--- /dev/null
+++ b/datasets/attack_techniques/T1195.001/npm/npm_supply_chain.yml
@@ -0,0 +1,21 @@
+author: Michael Haag, Splunk
+id: 0e029cfc-ce81-48c4-ba74-598afa1ddbba
+date: '2025-10-28'
+description: Dataset generated in attack range for the attack technique of npm supply chain.
+environment: attack_range
+directory: npm
+mitre_technique:
+- T1195.001
+datasets:
+- name: workflow_yml_sysmon_linux
+ path: /datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log
+ sourcetype: sysmon:linux
+ source: Syslog:Linux-Sysmon/Operational
+- name: shai_hulud_workflow_sysmon
+ path: /datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log
+ sourcetype: sysmon:linux
+ source: Syslog:Linux-Sysmon/Operational
+- name: windows_workflow_sysmon
+ path: /datasets/attack_techniques/T1195.001/npm/windows_workflow_sysmon.log
+ sourcetype: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+ source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log b/datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log
new file mode 100644
index 00000000..f28d348a
--- /dev/null
+++ b/datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:07d7235f1a63513ddb92fe8fb7d45e4f1afcdb90e0b5e8381aeb2f0847447980
+size 21532
diff --git a/datasets/attack_techniques/T1195.001/npm/windows_workflow_sysmon.log b/datasets/attack_techniques/T1195.001/npm/windows_workflow_sysmon.log
new file mode 100644
index 00000000..e91beb12
--- /dev/null
+++ b/datasets/attack_techniques/T1195.001/npm/windows_workflow_sysmon.log
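Review bot: In npm_supply_chain.yml the `description` does not say what the three logs record or how they differ, so anyone choosing a dataset for detection testing has to pull each LFS object to find out. Something like `description: Sysmon telemetry (Linux and Windows) generated in attack range for an npm supply chain compromise, T1195.001; one log per simulated workflow.` would help, with the wording adjusted to what was actually run, which the diff does not show. The first entry is also named `workflow_yml_sysmon_linux` while its file is `workflow_yml_sysmon.log` and the other Linux entry, `shai_hulud_workflow_sysmon`, carries no platform suffix; picking one convention would make the names predictable. The file is also committed without a trailing newline.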
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7d97125aa89a44a943604a166b58c8852d95f44d30fa0309cb3d92f2c6c8d6ca
+size 13192
diff --git a/datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log b/datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log
new file mode 100644
index 00000000..81485fcc
--- /dev/null
+++ b/datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3a57a9a1933720890fd70c23684349f82d9182f33044ffff7009c7330b001e71
+size 22920