Merge pull request #1163 from splunk/snap_conversion

RavenTait · web-flow · commit 9897ce63d8e6 · 2026-04-28T14:52:01.000-04:00
Bluehammer Logs
diff --git a/datasets/attack_techniques/T1068/bluehammer/bluehammer.yml b/datasets/attack_techniques/T1068/bluehammer/bluehammer.yml
@@ -0,0 +1,18 @@
+author: Raven Tait, Splunk
+id: 430623fe-f2ec-42a1-9015-41077aa40f74
+date: '2026-04-27'
+description: Generated datasets for Bluehammer privilege escalation
+    in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1068
+datasets:
+-   name: windows-security
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Security
+    path: /datasets/attack_techniques/T1068/bluehammer/windows-security.log
+-   name: windows-sysmon
+    sourcetype: XmlWinEventLog
+    source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+    path: /datasets/attack_techniques/T1068/bluehammer/windows-sysmon.log
diff --git a/datasets/attack_techniques/T1068/bluehammer/windows-security.log b/datasets/attack_techniques/T1068/bluehammer/windows-security.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b8eb42204e28a818de619ba3ec78504e0252c08863ea71d5b672cbf58174c563
+size 1105
diff --git a/datasets/attack_techniques/T1068/bluehammer/windows-sysmon.log b/datasets/attack_techniques/T1068/bluehammer/windows-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a350bcb6ca3827f1deaf57e415a188807331e49af3a38c5335e58928afef19f
+size 6109

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:b8eb42204e28a818de619ba3ec78504e0252c08863ea71d5b672cbf58174c563`
	`3`	`+size 1105`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:2a350bcb6ca3827f1deaf57e415a188807331e49af3a38c5335e58928afef19f`
	`3`	`+size 6109`