First test data for snap conversion

RavenTait · RavenTait · commit 0ff7f1ec26bf · 2026-03-23T14:10:21.000-04:00
diff --git a/datasets/attack_techniques/T1491/snapattack/snapattack.log b/datasets/attack_techniques/T1491/snapattack/snapattack.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3dacab92adb8b808d1558ac0b1b9b749e4b00aa7b7581fe6649748817d28a758
+size 4252
diff --git a/datasets/attack_techniques/T1491/snapattack/snapattack.yml b/datasets/attack_techniques/T1491/snapattack/snapattack.yml
@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 4d3ff572-755b-474d-8239-4989c920ca93
+date: '2026-03-23'
+description: Generated datasets for Windows PowerShell Post Exploitation Common Keywords
+    in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1491
+datasets:
+-   name: snapattack
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1491/snapattack/snaattack.log

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:3dacab92adb8b808d1558ac0b1b9b749e4b00aa7b7581fe6649748817d28a758`
	`3`	`+size 4252`