Merge pull request #1156 from splunk/vip_env

P4T12ICK · web-flow · commit 120b02d38a4c · 2026-04-21T09:32:09.000+02:00
vip_env
diff --git a/datasets/attack_techniques/T1059.001/vip_env_var_execution/env_vip_pwh_intl.log b/datasets/attack_techniques/T1059.001/vip_env_var_execution/env_vip_pwh_intl.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:753422f11067b2d865601462f1eb2609c8e33e09e3f4fe1eecc5d67ff964948a
+size 22781
diff --git a/datasets/attack_techniques/T1059.001/vip_env_var_execution/vip_env_var_execution.yml b/datasets/attack_techniques/T1059.001/vip_env_var_execution/vip_env_var_execution.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 47f8b9ce-3cc6-11f1-99d5-629be353806a
+date: '2026-04-20'
+description: Generated datasets for vip env var execution in attack range.
+environment: attack_range
+directory: vip_env_var_execution
+mitre_technique:
+- T1059.001
+datasets:
+- name: env_vip_pwh_intl.log
+  path: /datasets/attack_techniques/T1059.001/vip_env_var_execution/env_vip_pwh_intl.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-PowerShell/Operational'

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:753422f11067b2d865601462f1eb2609c8e33e09e3f4fe1eecc5d67ff964948a`
	`3`	`+size 22781`