From 0456fb75a03179ac8228a0d11a7d7b055cbf40f4 Mon Sep 17 00:00:00 2001
From: Raven Tait <rmtait@cisco.com>
Date: Wed, 29 Oct 2025 11:49:06 -0400
Subject: [PATCH] WSUS Windows Application Logs

---
 datasets/attack_techniques/T1505.003/T1505.003.yml            | 4 ++++
 .../T1505.003/wsus-7053-windows-application.log               | 3 +++
 2 files changed, 7 insertions(+)
 create mode 100644 datasets/attack_techniques/T1505.003/wsus-7053-windows-application.log

diff --git a/datasets/attack_techniques/T1505.003/T1505.003.yml b/datasets/attack_techniques/T1505.003/T1505.003.yml
index b7f964ec..3a618c7d 100644
--- a/datasets/attack_techniques/T1505.003/T1505.003.yml
+++ b/datasets/attack_techniques/T1505.003/T1505.003.yml
@@ -44,3 +44,7 @@ datasets:
   path: /datasets/attack_techniques/T1505.003/wsus-suricata.log
   sourcetype: suricata
   source: suricata
+- name: wsus-7053-windows-application
+  path: /datasets/attack_techniques/T1505.003/wsus-7053-windows-application.log
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Application
diff --git a/datasets/attack_techniques/T1505.003/wsus-7053-windows-application.log b/datasets/attack_techniques/T1505.003/wsus-7053-windows-application.log
new file mode 100644
index 00000000..ea3d3c67
--- /dev/null
+++ b/datasets/attack_techniques/T1505.003/wsus-7053-windows-application.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:350a0727a1aa890a628315fbe1b577cf0cd75dcda66d38131a449b9478c4c4d1
+size 6385