fix yaml format

RavenTait · RavenTait · commit eb0085c2eb4c · 2026-02-20T13:24:50.000-05:00
diff --git a/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.yml b/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.yml
@@ -3,9 +3,10 @@ id: e1ad8f03-6cb5-4ae9-a0c0-b9eb9ff0e4b8
 date: '2026-02-19'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1030/
+mitre_technique:
+- T1030
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1030/osquery_data_chunking/osquery.log
diff --git a/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.yml b/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.yml
@@ -3,9 +3,10 @@ id: 69fb68a6-dce5-400f-8a5e-086abda181aa
 date: '2026-02-19'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1037/002/
+mitre_technique:
+- T1037.002
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.log
diff --git a/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.yml b/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.yml
@@ -3,9 +3,11 @@ id: a319c571-0d12-4af7-b3dc-a30907e98277
 date: '2026-02-20'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1053/004/
+mitre_technique:
+- T1053.004
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1053.004/osquery_persistence/osquery.log
+
diff --git a/datasets/attack_techniques/T1068/osquery_system_startup/osquery.yml b/datasets/attack_techniques/T1068/osquery_system_startup/osquery.yml
@@ -3,9 +3,10 @@ id: bb5c9118-aec9-4d94-b3a5-cf5e7f422740
 date: '2026-02-20'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1068/osquery_system_startup/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1068/
+mitre_technique:
+- T1068
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1068/osquery_system_startup/osquery.log
diff --git a/datasets/attack_techniques/T1070/osquery_log_removal/osquery.yml b/datasets/attack_techniques/T1070/osquery_log_removal/osquery.yml
@@ -3,9 +3,10 @@ id: 06297035-0abf-485a-9c4c-9f416999d845
 date: '2026-02-19'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070/osquery_log_removal/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1070/
+mitre_technique:
+- T1070
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1070/osquery_log_removal/osquery.log
diff --git a/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.yml b/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.yml
@@ -3,9 +3,10 @@ id: d93e309a-f7b1-4bef-b8b7-b447f1f616a3
 date: '2026-02-20'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1135/
+mitre_technique:
+- T1135
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1135/osquery_share_discovery/osquery.log
diff --git a/datasets/attack_techniques/T1136/osquery_account_creation/osquery.yml b/datasets/attack_techniques/T1136/osquery_account_creation/osquery.yml
@@ -3,9 +3,10 @@ id: 06297035-0abf-485a-9c4c-9f416999d845
 date: '2026-02-19'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136/osquery_account_creation/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1136/
+mitre_technique:
+- T1136
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1136/osquery_account_creation/osquery.log
diff --git a/datasets/attack_techniques/T1543/osquery_ketxload/osquery.yml b/datasets/attack_techniques/T1543/osquery_ketxload/osquery.yml
@@ -3,9 +3,10 @@ id: 324fc256-70c7-4e68-a32e-e2886f6245bb
 date: '2026-02-19'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1543/osquery_ketxload/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1543
+mitre_technique:
+- T1543
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1543/osquery_ketxload/osquery.log
diff --git a/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.yml b/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.yml
@@ -3,9 +3,10 @@ id: d9cbe409-3012-48d7-8926-b5ee0287ee3f
 date: '2026-02-19'
 description: Generation of Mac OSX techniques involving keychains and osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1555/001/
+mitre_technique:
+- T1555.001
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1555.001/osquery_keychains/osquery.log
diff --git a/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.yml b/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.yml
@@ -3,9 +3,10 @@ id: 649730e9-20c1-4776-b902-2c4fc819b00c
 date: '2026-02-19'
 description: Generation of Mac OSX techniques logged with osquery
 environment: attack_range
-dataset:
-- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.log
-sourcetypes:
-- osquery:results
-references:
-- https://attack.mitre.org/techniques/T1564/001/
+mitre_technique:
+- T1564.001
+datasets:
+- name: osquery:results
+  sourcetype: osquery:results
+  source: osquery:results
+  path: /datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.log
