From 4548bf041fe641d02ff0f4379cf30063c6396bf7 Mon Sep 17 00:00:00 2001
From: ljstella
Date: Fri, 6 Feb 2026 11:07:36 -0500
Subject: [PATCH] Adding file for Bryan

---
 .../event_stream_events/stream_events_2.log | 3 +++
 .../event_stream_events/stream_events_old.yml | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_2.log

diff --git a/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_2.log b/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_2.log
new file mode 100644
index 000000000..2ee492b3d
--- /dev/null
+++ b/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_2.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fe76ce949b1c2fb84d397bbf698784c356da7134d3f0fc378bc2920528a0ea48
+size 77923
diff --git a/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_old.yml b/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_old.yml
index a7000c98b..9001f55b9 100644
--- a/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_old.yml
+++ b/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_old.yml
@@ -1,11 +1,12 @@
 author: Bryan Pluta, Splunk
 id: ddc1277f-7cfb-47cd-80d2-a84dd4b873ac
-date: '2025-06-02'
+date: '2026-02-06'
 description: Generated datasets from a demo environment for Crowdstrike Event Stream Events.
 environment: NA
 dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/suspicious_behaviour/crowdstrike_stream/event_stream_events/stream_events_2.log
 sourcetypes:
 - 'CrowdStrike:Event:Streams:JSON'
 references:
-- https://www.crowdstrike.com/en-us/resources/guides/crowdstrike-falcon-event-streams-add-on-for-splunk-guide-v3/
\ No newline at end of file
+- https://www.crowdstrike.com/en-us/resources/guides/crowdstrike-falcon-event-streams-add-on-for-splunk-guide-v3/
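Review bot: The new `dataset:` entry for stream_events_2.log points at the `master` branch of the repo rather than a pinned revision, so anyone consuming this metadata gets whatever that path resolves to at download time, and the YAML records nothing that would let them verify the fetch; the LFS pointer committed in the same patch carries `oid sha256:fe76ce94…0ea48` and `size 77923`, which is exactly the integrity anchor this file lacks. The existing stream_events.log entry has the same shape, so this is a pre-existing convention rather than a regression, but if the metadata schema permits it I would record the sha256 next to each URL (or pin the URL to a commit) so detection tests can fail closed on a tampered or silently replaced dataset. Separately, `description:` still reads as if there were a single dataset, and neither it nor the commit title says what stream_events_2.log adds relative to stream_events.log (different event types, a later capture, a different tenant — it cannot be told from here); I would extend the description with one clause stating that difference.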