From fefe4e8a2d1312706a717d7f95db09ec17a09cdd Mon Sep 17 00:00:00 2001
From: Bhavin Patel <bpatel@splunk.com>
Date: Wed, 27 Aug 2025 12:22:16 -0700
Subject: [PATCH] updating dataset test

---
 datasets/cisco_isovalent/cisco_isovalent.yml                  | 4 ++++
 .../cisco_isovalent_process_exec_delayed_shell.log            | 3 +++
 2 files changed, 7 insertions(+)
 create mode 100644 datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log

diff --git a/datasets/cisco_isovalent/cisco_isovalent.yml b/datasets/cisco_isovalent/cisco_isovalent.yml
index 90157a40..6b262eee 100644
--- a/datasets/cisco_isovalent/cisco_isovalent.yml
+++ b/datasets/cisco_isovalent/cisco_isovalent.yml
@@ -11,4 +11,8 @@ datasets:
 - name: cisco_isovalent
   path: /datasets/cisco_isovalent/cisco_isovalent.log
   sourcetype: cisco:isovalent
+  source: cisco_isovalent
+- name: delayed_shell
+  path: /datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log
+  sourcetype: cisco:isovalent:processExec
   source: cisco_isovalent
\ No newline at end of file
diff --git a/datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log b/datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log
new file mode 100644
index 00000000..2a21a65c
--- /dev/null
+++ b/datasets/cisco_isovalent/cisco_isovalent_process_exec_delayed_shell.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b4ba624e3b8b822c95f5a53ed659b83d25e72f7cb9087d0d0d91e1d1311766f0
+size 24343