diff --git a/datasets/cisco_isovalent/cisco_isovalent.yml b/datasets/cisco_isovalent/cisco_isovalent.yml
index 90157a40..6b262eee 100644
--- a/datasets/cisco_isovalent/cisco_isovalent.yml
+++ b/datasets/cisco_isovalent/cisco_isovalent.yml
@@ -11,4 +11,8 @@ datasets:
 - name: cisco_isovalent
 path: /datasets/cisco_isovalent/cisco_isovalent.log
 sourcetype: cisco:isovalent
+ source: cisco_isovalent
+- name: delayed_shell
+ path: /datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log
+ sourcetype: cisco:isovalent:processExec
 source: cisco_isovalent
\ No newline at end of file
diff --git a/datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log b/datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log
new file mode 100644
index 00000000..2a21a65c
--- /dev/null
+++ b/datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b4ba624e3b8b822c95f5a53ed659b83d25e72f7cb9087d0d0d91e1d1311766f0
+size 24343
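Review bot: The new entry in cisco_isovalent.yml is named `delayed_shell`, which drops the `cisco_isovalent` prefix that the first entry and the log file itself carry; a name such as `- name: cisco_isovalent_process_exec_delayed_shell` would keep the dataset identifiable when a detection test references it by name. The entry also introduces a second sourcetype, `cisco:isovalent:processExec`, next to `cisco:isovalent`; if that is intentional, a one-line comment above the entry such as `# process_exec events only; replayed as cisco:isovalent:processExec` would help, because a sourcetype mismatch on replay typically makes a detection test return no events rather than fail loudly. The file still ends without a trailing newline, so the next appended entry will again have to rewrite the last `source:` line. The hunk starts at line 11, so any top-level description above it is not visible here and may also need to mention the new log.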