ading rdp dataset (#1146)

patel-bhavin · web-flow · commit 66cfe427fb27 · 2026-03-27T14:34:27.000+05:30
* ading rdp dataset

* adding new events

* adding new log files

* new events
diff --git a/datasets/cisco_secure_access/firewall/firewall.yml b/datasets/cisco_secure_access/firewall/firewall.yml
@@ -0,0 +1,29 @@
+author: Bhavin Patel, Splunk
+id: 1fc537db-5e0b-4a2e-a768-27e08eff0c70
+date: '2026-03-19'
+description: |
+ Generated datasets for Cisco Secure Access Firewall EventType by manual /atomic-red team simulations in a K8s cluster running Tetragon
+environment: custom
+directory: cisco_secure_access/firewall
+mitre_technique: []
+datasets:
+- name: firewall
+  path: /datasets/cisco_secure_access/firewall/rdp_brute_force.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
+- name: large_icmp
+  path: /datasets/cisco_secure_access/firewall/large_icmp.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
+- name: ldap
+  path: /datasets/cisco_secure_access/firewall/ldap.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
+- name: outbound_smb
+  path: /datasets/cisco_secure_access/firewall/outbound_smb.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
+- name: nmap
+  path: /datasets/cisco_secure_access/firewall/nmap.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
diff --git a/datasets/cisco_secure_access/firewall/large_icmp.log b/datasets/cisco_secure_access/firewall/large_icmp.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7494c86cf3fad8ea5a8f37bb3d21b4d7c4aba694e1973f4f5a9207389786690
+size 428
diff --git a/datasets/cisco_secure_access/firewall/ldap.log b/datasets/cisco_secure_access/firewall/ldap.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ca284e10d3834a2b6e56116bfb2078cc690eabf05f1b37aff3714d92fc66406c
+size 423
diff --git a/datasets/cisco_secure_access/firewall/nmap.log b/datasets/cisco_secure_access/firewall/nmap.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5fb3007ad740d51c5af4b6e7b5e5750e9ef833ace9d2c14d325179f834c05981
+size 135478
diff --git a/datasets/cisco_secure_access/firewall/outbound_smb.log b/datasets/cisco_secure_access/firewall/outbound_smb.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1285ed5919c3395964f748be9289448a510baf931c16e7f46666f60c143b695a
+size 9337
diff --git a/datasets/cisco_secure_access/firewall/rdp_brute_force.log b/datasets/cisco_secure_access/firewall/rdp_brute_force.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:82fc54be49df5a1635be5c8b101c56ae68347e0e7f91f8c39439e5b673030e88
+size 4605

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:b7494c86cf3fad8ea5a8f37bb3d21b4d7c4aba694e1973f4f5a9207389786690`
	`3`	`+size 428`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:ca284e10d3834a2b6e56116bfb2078cc690eabf05f1b37aff3714d92fc66406c`
	`3`	`+size 423`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:5fb3007ad740d51c5af4b6e7b5e5750e9ef833ace9d2c14d325179f834c05981`
	`3`	`+size 135478`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:1285ed5919c3395964f748be9289448a510baf931c16e7f46666f60c143b695a`
	`3`	`+size 9337`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:82fc54be49df5a1635be5c8b101c56ae68347e0e7f91f8c39439e5b673030e88`
	`3`	`+size 4605`