Skip to content

Snap conversion #1158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
RavenTait merged 2 commits into from
Apr 20, 2026
Merged

Snap conversion #1158

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
73902a9
More snapattack data
RavenTait Apr 20, 2026
9ddcc35
More snapattack data
RavenTait Apr 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions datasets/attack_techniques/T1014/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
author: Raven Tait, Splunk
id: 552e13f8-267f-4a91-a56f-9209ab4e2f1f
date: '2026-04-20'
description: Generated datasets for Linux Evidence of BPFdoor implant - creation of
known lockfiles in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1014
datasets:
- name: snapattack
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1014/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1014/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1021.004/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Security
path: /datasets/attack_techniques/T1021.004/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1021.004/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1021.004/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1033/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Security
path: /datasets/attack_techniques/T1033/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1033/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1033/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
13 changes: 13 additions & 0 deletions datasets/attack_techniques/T1036.004/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
author: Raven Tait, Splunk
id: bf223b24-4cb9-44aa-b43d-63c5d564355a
date: '2026-04-20'
description: Generated datasets for Linux GobRAT Malware Execution in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1036.004
datasets:
- name: snapattack
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1036.004/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1036.004/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1036/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
path: /datasets/attack_techniques/T1036/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1036/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1036/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1037.005/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Microsoft-Windows-PowerShell/Operational
path: /datasets/attack_techniques/T1037.005/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1037.005/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1037.005/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
13 changes: 13 additions & 0 deletions datasets/attack_techniques/T1059.004/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
author: Raven Tait, Splunk
id: be7db117-e5ac-4cfa-a0fd-9784f0f937bf
date: '2026-04-20'
description: Generated datasets for Linux Netcat Outbound Connection in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1059.004
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1059.004/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1059.004/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1059/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
path: /datasets/attack_techniques/T1059/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1059/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1059/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
5 changes: 5 additions & 0 deletions datasets/attack_techniques/T1068/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,8 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Security
path: /datasets/attack_techniques/T1068/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1068/snapattack/snapattack_linux.log

3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1068/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1082/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Microsoft-Windows-PowerShell/Operational
path: /datasets/attack_techniques/T1082/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1082/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1082/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
13 changes: 13 additions & 0 deletions datasets/attack_techniques/T1098/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
author: Raven Tait, Splunk
id: 7534d45a-1766-49a3-9c51-2c67af3919da
date: '2026-04-20'
description: Generated datasets for Linux Usermod Root UID Set in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1098
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1098/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1098/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
14 changes: 14 additions & 0 deletions datasets/attack_techniques/T1102/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
author: Raven Tait, Splunk
id: a1eede05-8cac-4d11-8b09-95f4a7205db0
date: '2026-04-20'
description: Generated datasets for Linux Suspicious Splunk Process (Linux) in attack
range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1102
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1102/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1102/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1129/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
path: /datasets/attack_techniques/T1129/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1129/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1129/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
5 changes: 5 additions & 0 deletions datasets/attack_techniques/T1190/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,8 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
path: /datasets/attack_techniques/T1190/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1190/snapattack/snapattack_linux.log

3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1190/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1204.002/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Security
path: /datasets/attack_techniques/T1204.002/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1204.002/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1204.002/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1505/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
path: /datasets/attack_techniques/T1505/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1505/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1505/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
13 changes: 13 additions & 0 deletions datasets/attack_techniques/T1542/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
author: Raven Tait, Splunk
id: e55d922f-209d-4461-97fb-2578bd8d7620
date: '2026-04-20'
description: Generated datasets for Linux EFI Bootloader File Deletion in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1542
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1542/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1542/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
14 changes: 14 additions & 0 deletions datasets/attack_techniques/T1543.002/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
author: Raven Tait, Splunk
id: aaab2742-a782-4392-9332-6f68ad5ae804
date: '2026-04-20'
description: Generated datasets for Linux Service Enabled from Web Directory in attack
range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1543.002
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1543.002/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1543.002/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
13 changes: 13 additions & 0 deletions datasets/attack_techniques/T1547/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
author: Raven Tait, Splunk
id: b13a41f8-265d-453b-8cbf-d61f7baf6d10
date: '2026-04-20'
description: Generated datasets for Linux MOTD Script Added in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1547
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1547/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1547/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
13 changes: 13 additions & 0 deletions datasets/attack_techniques/T1548.003/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
author: Raven Tait, Splunk
id: c4e07887-757f-4e28-beb0-bb7383d8ad2b
date: '2026-04-20'
description: Generated datasets for Linux Suspicious Sudo Parameter in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1548.003
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1548.003/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1548.003/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
13 changes: 13 additions & 0 deletions datasets/attack_techniques/T1552.003/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
author: Raven Tait, Splunk
id: 1c980891-b00d-4076-ab9c-6854a1de7517
date: '2026-04-20'
description: Generated datasets for Linux Bash History Access in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1552.003
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1552.003/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1552.003/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
4 changes: 4 additions & 0 deletions datasets/attack_techniques/T1608/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,7 @@ datasets:
sourcetype: XmlWinEventLog
source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
path: /datasets/attack_techniques/T1608/snapattack/snaattack.log
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1608/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1608/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
13 changes: 13 additions & 0 deletions datasets/attack_techniques/T1610/snapattack/snapattack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
author: Raven Tait, Splunk
id: d49a676c-491e-4165-94bb-1d0e4fb1f5d0
date: '2026-04-20'
description: Generated datasets for Linux Suspicious Docker Build in attack range.
environment: attack_range
directory: snapattack
mitre_technique:
- T1610
datasets:
- name: snapattack_linux
sourcetype: sysmon:linux
source: Syslog:Linux-Sysmon/Operational
path: /datasets/attack_techniques/T1610/snapattack/snapattack_linux.log
3 changes: 3 additions & 0 deletions datasets/attack_techniques/T1610/snapattack/snapattack_linux.log
View file
Open in desktop
Git LFS file not shown
Loading