From d6cb4f9f7df977bd9155ada67f5743307a1d3b9a Mon Sep 17 00:00:00 2001
From: Raven Tait
Date: Thu, 16 Oct 2025 13:11:35 -0400
Subject: [PATCH 1/2] attack data for request smuggling
---
.../nginx_request_smuggling.log | 3 +++
.../nginx_scripting_tools.log | 3 +++
.../request_smuggling/request_smuggling.yml | 21 +++++++++++++++++++
.../suricata_request_smuggling.log | 3 +++
4 files changed, 30 insertions(+)
create mode 100644 datasets/attack_techniques/T1190/request_smuggling/nginx_request_smuggling.log
create mode 100644 datasets/attack_techniques/T1190/request_smuggling/nginx_scripting_tools.log
create mode 100644 datasets/attack_techniques/T1190/request_smuggling/request_smuggling.yml
create mode 100644 datasets/attack_techniques/T1190/request_smuggling/suricata_request_smuggling.log
diff --git a/datasets/attack_techniques/T1190/request_smuggling/nginx_request_smuggling.log b/datasets/attack_techniques/T1190/request_smuggling/nginx_request_smuggling.log
new file mode 100644
index 00000000..cc4ccaa5
--- /dev/null
+++ b/datasets/attack_techniques/T1190/request_smuggling/nginx_request_smuggling.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6d30db9a56755a4961ca33e22ff47f3984de3682373c4c1b05da1b9facfbcede
+size 202332
diff --git a/datasets/attack_techniques/T1190/request_smuggling/nginx_scripting_tools.log b/datasets/attack_techniques/T1190/request_smuggling/nginx_scripting_tools.log
new file mode 100644
index 00000000..200590d9
--- /dev/null
+++ b/datasets/attack_techniques/T1190/request_smuggling/nginx_scripting_tools.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:029918dcc44563d959fc56680c28623527ecb4835a6306ecb636c66bb1385da3
+size 13224
diff --git a/datasets/attack_techniques/T1190/request_smuggling/request_smuggling.yml b/datasets/attack_techniques/T1190/request_smuggling/request_smuggling.yml
new file mode 100644
index 00000000..d07710c1
--- /dev/null
+++ b/datasets/attack_techniques/T1190/request_smuggling/request_smuggling.yml
@@ -0,0 +1,21 @@
+author: Raven Tait, Splunk
+id:b052c3c6-ec55-49a9-82ea-1f68da25763f
+date: '2023-10-16'
+description: Attack data related to request_smuggling
+environment: attack_range
+directory: request_smuggling
+mitre_technique:
+- T1190
+datasets:
+- name: suricata_request_smuggling
+ path: /datasets/attack_techniques/T1190/request_smuggling/suricata_request_smuggling.log
+ sourcetype: suricata
+ source: suricata
+- name: nginx_scripting_tools
+ path: /datasets/attack_techniques/T1190/request_smuggling/nginx_scripting_tools.log
+ sourcetype: nginx:plus:kv
+ source: nginx:plus:kv
+- name: nginx_request_smuggling
+ path: /datasets/attack_techniques/T1190/request_smuggling/nginx_request_smuggling.log
+ sourcetype: nginx:plus:kv
+ source: nginx:plus:kv
diff --git a/datasets/attack_techniques/T1190/request_smuggling/suricata_request_smuggling.log b/datasets/attack_techniques/T1190/request_smuggling/suricata_request_smuggling.log
new file mode 100644
index 00000000..e1c268d8
--- /dev/null
+++ b/datasets/attack_techniques/T1190/request_smuggling/suricata_request_smuggling.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:067aeec8987bcd6cd7dd1c02e2aeb9ef335d078a760c5313dcb46e8d78c928a3
+size 32368
From 5ed087bebe3287d4111d3321330ff9eb0f05f377 Mon Sep 17 00:00:00 2001
From: Raven Tait
Date: Thu, 16 Oct 2025 13:18:38 -0400
Subject: [PATCH 2/2] fix missing space
---
.../T1190/request_smuggling/request_smuggling.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/datasets/attack_techniques/T1190/request_smuggling/request_smuggling.yml b/datasets/attack_techniques/T1190/request_smuggling/request_smuggling.yml
index d07710c1..b861a8c4 100644
--- a/datasets/attack_techniques/T1190/request_smuggling/request_smuggling.yml
+++ b/datasets/attack_techniques/T1190/request_smuggling/request_smuggling.yml
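Review bot: The `date: '2023-10-16'` value in the new request_smuggling.yml does not match the date in the patch header (16 Oct 2025), which looks like a year typo; if the data was captured for this commit it should read `date: '2025-10-16'`. Patch 2/2 fixes the `id:` spacing but carries this date through as context, so it remains in the final file. The `description` only restates the directory name; one sentence saying what each log holds, and how `nginx_scripting_tools` differs from `nginx_request_smuggling`, would help anyone mapping these datasets to detections.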
@@ -1,5 +1,5 @@
author: Raven Tait, Splunk
-id:b052c3c6-ec55-49a9-82ea-1f68da25763f
+id: b052c3c6-ec55-49a9-82ea-1f68da25763f
date: '2023-10-16'
description: Attack data related to request_smuggling
environment: attack_range