From 6dac82b7d1209d8add924aee571a5daf3e39cd17 Mon Sep 17 00:00:00 2001
From: Bhavin Patel <bpatel@splunk.com>
Date: Thu, 22 Jan 2026 22:51:08 +0530
Subject: [PATCH] adding new log files

---
 .../T1021.002/atomic_red_team/atomic_red_team.yml             | 4 ++++
 .../T1021.002/atomic_red_team/dns-sysmon.log                  | 3 +++
 2 files changed, 7 insertions(+)
 create mode 100644 datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log

diff --git a/datasets/attack_techniques/T1021.002/atomic_red_team/atomic_red_team.yml b/datasets/attack_techniques/T1021.002/atomic_red_team/atomic_red_team.yml
index 60c8ad4f..5f243f5c 100644
--- a/datasets/attack_techniques/T1021.002/atomic_red_team/atomic_red_team.yml
+++ b/datasets/attack_techniques/T1021.002/atomic_red_team/atomic_red_team.yml
@@ -38,3 +38,7 @@ datasets:
   path: /datasets/attack_techniques/T1021.002/atomic_red_team/windows-sysmon.log
   sourcetype: XmlWinEventLog
   source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+- name: dns-sysmon
+  path: /datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
diff --git a/datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log b/datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log
new file mode 100644
index 00000000..606779b5
--- /dev/null
+++ b/datasets/attack_techniques/T1021.002/atomic_red_team/dns-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce0cb13d031325ebf258d9a81aa4b4ed8efbc234bda2e4d1801f7701b8b6918c
+size 6689