diff --git a/datasets/attack_techniques/T1021.002/atomic_red_team/atomic_red_team.yml b/datasets/attack_techniques/T1021.002/atomic_red_team/atomic_red_team.yml
index 60c8ad4f..5f243f5c 100644
--- a/datasets/attack_techniques/T1021.002/atomic_red_team/atomic_red_team.yml
+++ b/datasets/attack_techniques/T1021.002/atomic_red_team/atomic_red_team.yml
@@ -38,3 +38,7 @@ datasets:
 path: /datasets/attack_techniques/T1021.002/atomic_red_team/windows-sysmon.log
 sourcetype: XmlWinEventLog
 source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- name: dns-sysmon
+ path: /datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log b/datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log
new file mode 100644
index 00000000..606779b5
--- /dev/null
+++ b/datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce0cb13d031325ebf258d9a81aa4b4ed8efbc234bda2e4d1801f7701b8b6918c
+size 6689
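Review bot: The new `dns-sysmon` entry in the first hunk has the same `sourcetype` and `source` as the `windows-sysmon` entry above it, so only the name tells a detection author how the two files differ. A comment above the entry would record that, for example `# dns-sysmon: <which atomic test produced it and which Sysmon event IDs it holds>`. The `datasets:` list and the file's header fields start outside this hunk, so a description may already exist there. The log itself is only an LFS pointer in this commit, so its contents cannot be checked from the diff. If the capture includes DNS query events, it is worth confirming that lab hostnames and internal domain names were scrubbed before publishing.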