From 811c816f221aaefcf278f16dab0a18d2bbae23a6 Mon Sep 17 00:00:00 2001
From: Michael Haag
Date: Thu, 21 Aug 2025 08:38:54 -0600
Subject: [PATCH] first
---
.../cisco_smart_install/cisco_smart_install.yml | 15 +++++++++++++++
.../cisco/cisco_smart_install/stream_tcp.log | 3 +++
2 files changed, 18 insertions(+)
create mode 100644 datasets/attack_techniques/T1190/cisco/cisco_smart_install/cisco_smart_install.yml
create mode 100644 datasets/attack_techniques/T1190/cisco/cisco_smart_install/stream_tcp.log
diff --git a/datasets/attack_techniques/T1190/cisco/cisco_smart_install/cisco_smart_install.yml b/datasets/attack_techniques/T1190/cisco/cisco_smart_install/cisco_smart_install.yml
new file mode 100644
index 00000000..86456699
--- /dev/null
+++ b/datasets/attack_techniques/T1190/cisco/cisco_smart_install/cisco_smart_install.yml
@@ -0,0 +1,15 @@
+author: Bhavin Patel, Michael Haag, Splunk
+id: 3a7a9d5e-8f12-4b2d-a6e9-5c8b7f3e1d2a
+date: '2025-08-21'
+description: |
+ Generated datasets for Cisco Smart Install port discovery and exploitation attempts. Contains network traffic
+ simulations targeting the Cisco Smart Install port (4786) for the following detections:
+ * Cisco Smart Install Port Discovery and Status
+environment: manual simulations in a controlled lab environment
+mitre_technique:
+- T1190
+datasets:
+- name: cisco_smart_install_traffic
+ path: /datasets/attack_techniques/T1190/cisco_smart_install/stream_tcp.log
+ sourcetype: stream:tcp
+ source: stream:tcp
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1190/cisco/cisco_smart_install/stream_tcp.log b/datasets/attack_techniques/T1190/cisco/cisco_smart_install/stream_tcp.log
new file mode 100644
index 00000000..76195930
--- /dev/null
+++ b/datasets/attack_techniques/T1190/cisco/cisco_smart_install/stream_tcp.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7f6455cfe9d2ae34714f6540e19fa79f9dae20b2c7690fc6049024c299e6c7e6
+size 1528
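Review bot: The `path` entry under `datasets` in cisco_smart_install.yml omits the `cisco/` directory: it reads `/datasets/attack_techniques/T1190/cisco_smart_install/stream_tcp.log`, while this commit creates the log at `datasets/attack_techniques/T1190/cisco/cisco_smart_install/stream_tcp.log`. Anything that resolves the dataset from this metadata (detection tests, replay tooling) would presumably fail to find the capture, so the line should read `path: /datasets/attack_techniques/T1190/cisco/cisco_smart_install/stream_tcp.log`. The description also promises "exploitation attempts" but lists only the port discovery detection, so either list the other detections or narrow the wording. The file ends without a trailing newline, which is worth adding.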