diff --git a/datasets/attack_techniques/T1021.001/susp_default_rdp_creation/default_rdp_dropped.log b/datasets/attack_techniques/T1021.001/susp_default_rdp_creation/default_rdp_dropped.log
new file mode 100644
index 00000000..716b3d5b
--- /dev/null
+++ b/datasets/attack_techniques/T1021.001/susp_default_rdp_creation/default_rdp_dropped.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:23f802141a9dc33ca819fb13e03f4d3f3a55113dc08ea1b6cc8661432bec7818
+size 10937
diff --git a/datasets/attack_techniques/T1021.001/susp_default_rdp_creation/susp_default_rdp_creation.yml b/datasets/attack_techniques/T1021.001/susp_default_rdp_creation/susp_default_rdp_creation.yml
index edfb172b..acf68ca3 100644
--- a/datasets/attack_techniques/T1021.001/susp_default_rdp_creation/susp_default_rdp_creation.yml
+++ b/datasets/attack_techniques/T1021.001/susp_default_rdp_creation/susp_default_rdp_creation.yml
@@ -7,7 +7,7 @@ directory: susp_default_rdp_creation
 mitre_technique:
 - T1021.001
 datasets:
-- name: default_rdp.log
- path: /datasets/attack_techniques/T1021.001/susp_default_rdp_creation/default_rdp.log
+- name: default_rdp_dropped.log
+ path: /datasets/attack_techniques/T1021.001/susp_default_rdp_creation/default_rdp_dropped.log
 sourcetype: 'XmlWinEventLog'
 source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
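Review bot: The `datasets` entry in susp_default_rdp_creation.yml is replaced rather than extended, yet nothing in the visible diff deletes `default_rdp.log`, so the old capture would stay in the directory with no metadata describing it. If the new log supersedes it, remove the old file in the same commit; if detection tests still replay it, keep both by leaving the original `- name: default_rdp.log` item and its `path` in place next to the new one. Anything that references the old path directly is not visible here and should be checked before merging. The fields above line 7 of the yml (outside this hunk) may also need updating if they describe the old capture.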