diff --git a/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_events_trimmed.log b/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_events_trimmed.log
new file mode 100755
index 00000000..e5935696
--- /dev/null
+++ b/datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_events_trimmed.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:64231c20589813adbed3adc9f77c86552d6b4b4769bfca26ccdfd1452f86244d
+size 137547
diff --git a/datasets/attack_techniques/T1068/linux_dirtyfrag/linux_dirtyfrag.yml b/datasets/attack_techniques/T1068/linux_dirtyfrag/linux_dirtyfrag.yml
index d967eb3b..db02a9a0 100644
--- a/datasets/attack_techniques/T1068/linux_dirtyfrag/linux_dirtyfrag.yml
+++ b/datasets/attack_techniques/T1068/linux_dirtyfrag/linux_dirtyfrag.yml
@@ -19,4 +19,8 @@ datasets:
 - name: linux_sysmon
   sourcetype: sysmon:linux
   source: Syslog:Linux-Sysmon/Operational
-  path: /datasets/attack_techniques/T1068/linux_dirtyfrag/linux_sysmon.log
\ No newline at end of file
+  path: /datasets/attack_techniques/T1068/linux_dirtyfrag/linux_sysmon.log
+- name: dirty_frag_events_trimmed
+  sourcetype: linux_audit
+  source: /var/log/audit/audit.log
+  path: /datasets/attack_techniques/T1068/linux_dirtyfrag/dirty_frag_events_trimmed.log
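Review bot: The new `dirty_frag_events_trimmed.log` is added with `new file mode 100755`, which marks a plain audit-log sample as executable even though nothing in the manifest runs it; it should be committed as `100644` like the sibling `linux_dirtyfrag.yml` in the second file header. The added `datasets` entry itself is consistent with the existing `linux_sysmon` one (same `name`/`sourcetype`/`source`/`path` shape, and `path` matches the new file's repository location). Note that the committed content is a Git LFS pointer (`version https://git-lfs.github.com/spec/v1`, `size 137547`), so a consumer of this manifest without LFS fetched will read the three-line pointer instead of the audit log; if the dataset README does not already say the datasets are LFS-tracked, a line stating that would prevent confusing replay failures.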