diff --git a/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
new file mode 100644
index 00000000..314909de
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57edefcbfadbe1954fa2867cbf5ad761e0f1a16097f9926d95c515358bc29f44
+size 8696
diff --git a/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml
new file mode 100644
index 00000000..a4b2eeea
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dnsquery.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 489169c0-9ea7-11f0-ba06-629be353806a
+date: '2025-10-01'
+description: Generated datasets for vbc dnsquery in attack range.
+environment: attack_range
+directory: vbc_dnsquery
+mitre_technique:
+- T1071.004
+datasets:
+- name: vbc_dns_query.log
+  path: /datasets/attack_techniques/T1071.004/vbc_dnsquery/vbc_dns_query.log
+  sourcetype: 'XmlWinEventLog'
+  source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/m365_copilot/m365_copilot.yml b/datasets/m365_copilot/m365_copilot.yml
index fcb1977b..d79c727b 100644
--- a/datasets/m365_copilot/m365_copilot.yml
+++ b/datasets/m365_copilot/m365_copilot.yml
@@ -3,6 +3,8 @@ id: 0bf90131-c582-4976-85b8-711d2c2c1926
 date: '2025-09-25'
 description: |
  Logs from M365 Copilot Access Logs via Splunk Add-on for M365 and Exported Logs from eDsicovery Purview. Contains actual access logs and jailbreak attacks. 
+environment: attack_range
+directory: m365_copilot
 mitre_technique: []
 datasets:
 - name: m365_access_logs