splunk · RavenTait · Feb 20, 2026
diff --git a/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.log b/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.log
diff --git a/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.yml b/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: e1ad8f03-6cb5-4ae9-a0c0-b9eb9ff0e4b8
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1030/osquery_data_chunking/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1030/
diff --git a/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.log b/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.log
diff --git a/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.yml b/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 69fb68a6-dce5-400f-8a5e-086abda181aa
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1037.002/osquery_logon_scripts/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1037/002/
diff --git a/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.log b/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.log
diff --git a/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.yml b/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: a319c571-0d12-4af7-b3dc-a30907e98277
+date: '2026-02-20'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1053.004/osquery_persistence/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1053/004/
diff --git a/datasets/attack_techniques/T1068/osquery_system_startup/osquery.log b/datasets/attack_techniques/T1068/osquery_system_startup/osquery.log
diff --git a/datasets/attack_techniques/T1068/osquery_system_startup/osquery.yml b/datasets/attack_techniques/T1068/osquery_system_startup/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: bb5c9118-aec9-4d94-b3a5-cf5e7f422740
+date: '2026-02-20'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1068/osquery_system_startup/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1068/
diff --git a/datasets/attack_techniques/T1070/osquery_log_removal/osquery.log b/datasets/attack_techniques/T1070/osquery_log_removal/osquery.log
diff --git a/datasets/attack_techniques/T1070/osquery_log_removal/osquery.yml b/datasets/attack_techniques/T1070/osquery_log_removal/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 06297035-0abf-485a-9c4c-9f416999d845
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1070/osquery_log_removal/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1070/
diff --git a/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.log b/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.log
diff --git a/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.yml b/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: d93e309a-f7b1-4bef-b8b7-b447f1f616a3
+date: '2026-02-20'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1135/osquery_share_discovery/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1135/
diff --git a/datasets/attack_techniques/T1136/osquery_account_creation/osquery.log b/datasets/attack_techniques/T1136/osquery_account_creation/osquery.log
diff --git a/datasets/attack_techniques/T1136/osquery_account_creation/osquery.yml b/datasets/attack_techniques/T1136/osquery_account_creation/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 06297035-0abf-485a-9c4c-9f416999d845
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1136/osquery_account_creation/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1136/
diff --git a/datasets/attack_techniques/T1543/osquery_ketxload/osquery.log b/datasets/attack_techniques/T1543/osquery_ketxload/osquery.log
diff --git a/datasets/attack_techniques/T1543/osquery_ketxload/osquery.yml b/datasets/attack_techniques/T1543/osquery_ketxload/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 324fc256-70c7-4e68-a32e-e2886f6245bb
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1543/osquery_ketxload/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1543
diff --git a/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.log b/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.log
diff --git a/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.yml b/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: d9cbe409-3012-48d7-8926-b5ee0287ee3f
+date: '2026-02-19'
+description: Generation of Mac OSX techniques involving keychains and osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1555.001/osquery_keychains/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1555/001/
diff --git a/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.log b/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.log
diff --git a/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.yml b/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.yml
@@ -0,0 +1,11 @@
+author: Raven Tait
+id: 649730e9-20c1-4776-b902-2c4fc819b00c
+date: '2026-02-19'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1564.001/osquery_hidden_files/osquery.log
+sourcetypes:
+- osquery:results
+references:
+- https://attack.mitre.org/techniques/T1564/001/