splunk · MHaggis · Oct 28, 2025 · Oct 28, 2025 · Oct 28, 2025
diff --git a/datasets/attack_techniques/T1195.001/npm/npm_supply_chain.yml b/datasets/attack_techniques/T1195.001/npm/npm_supply_chain.yml
@@ -0,0 +1,17 @@
+author: Michael Haag, Splunk
+id: 0e029cfc-ce81-48c4-ba74-598afa1ddbba
+date: '2025-10-28'
+description: Dataset generated in attack range for the attack technique of npm supply chain.
+environment: attack_range
+directory: npm
+mitre_technique:
+- T1195.001
+datasets:
+- name: workflow_yml_sysmon_linux
+  path: /datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log
+  sourcetype: sysmon:linux
+  source: Syslog:Linux-Sysmon/Operational
+- name: shai_hulud_workflow_sysmon
+  path: /datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log
+  sourcetype: sysmon:linux
+  source: Syslog:Linux-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log b/datasets/attack_techniques/T1195.001/npm/shai_hulud_workflow_sysmon.log
diff --git a/datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log b/datasets/attack_techniques/T1195.001/npm/workflow_yml_sysmon.log