Commit d649fe0

adding intune bulk wipe dataset
1 parent 63dc606 commit d649fe0

2 files changed

Lines changed: 14 additions & 0 deletions

Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
version https://git-lfs.github.com/spec/v1
2+
oid sha256:a1ceda0afc580ecf7e761e44aa109e9b1f1d52e529e9c4fe72ad2d950512c227
3+
size 13001
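
Review bot: the log itself cannot be reviewed from this pointer, since only the oid and `size 13001` are visible. Before merge, confirm that the LFS object was actually pushed and that the 13001-byte log carries no real tenant IDs, user principal names or device names from the environment it was captured in.
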
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
author: Jake Enea
2+
id: 4a5c3288-8391-4e80-9c3d-9dbb60ed1c45
3+
date: '2026-03-29'
4+
description: The following data contains simulated bulk Intune "wipe ManagedDevice" events from the Intune admin portal.
5+
environment: attack_range
6+
dataset:
7+
- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1561.001/microsoft_intune_bulk_wipe/microsoft_intune_bulk_wipe.log
8+
sourcetypes:
9+
- azure:monitor:activity
10+
references:
11+
- https://www.lumos.com/blog/stryker-hack
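
Review bot: the description on line 4 calls the events "bulk" but gives no number of wipe events, number of distinct devices or time window, so a detection author cannot tell what threshold this log is expected to trip. Add those figures to the description. Two smaller points: the technique ID appears only inside the dataset URL path (T1561.001), and `sourcetypes` lists `azure:monitor:activity` without a matching source value, so anyone replaying the log has to guess it. Stating both explicitly would make the file self-describing.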
