diff --git a/datasets/attack_techniques/T1548/apt_get/apt_get.yml b/datasets/attack_techniques/T1548/apt_get/apt_get.yml
index f364fc5a..dfc1b3be 100644
--- a/datasets/attack_techniques/T1548/apt_get/apt_get.yml
+++ b/datasets/attack_techniques/T1548/apt_get/apt_get.yml
@@ -1,6 +1,6 @@
 author: Gowthamaraj Rajendran, Splunk
 id: 626b6584-bdcf-4b12-9e72-6c63eda796c0
-date: '2022-08-12'
+date: '2025-10-28'
 description: apt-get linux living off the land and privilege escalation.
 environment: attack_range
 directory: apt_get
@@ -11,3 +11,7 @@ datasets:
   path: /datasets/attack_techniques/T1548/apt_get/sysmon_linux.log
   sourcetype: sysmon:linux
   source: Syslog:Linux-Sysmon/Operational
+- name: cisco_isovalent
+  path: /datasets/attack_techniques/T1548/apt_get/cisco_isovalent.log
+  sourcetype: cisco:isovalent:processExec
+  source: not_applicable
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1548/apt_get/cisco_isovalent.log b/datasets/attack_techniques/T1548/apt_get/cisco_isovalent.log
new file mode 100644
index 00000000..27aff0ff
--- /dev/null
+++ b/datasets/attack_techniques/T1548/apt_get/cisco_isovalent.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40f1e95fcb0567995357804f746a23b3323aaa90752ca52bcaaa41e5706b6323
+size 8739
diff --git a/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/isovalent_cloud_metadata.yml b/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/isovalent_cloud_metadata.yml
new file mode 100644
index 00000000..f2e0d971
--- /dev/null
+++ b/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/isovalent_cloud_metadata.yml
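Review bot: The new `source: not_applicable` line is followed by `\ No newline at end of file`, so the change drops the trailing newline that apt_get.yml previously had after `source: Syslog:Linux-Sysmon/Operational`; the new isovalent_cloud_metadata.yml in this commit has the same defect. Ending both files with a single newline keeps yamllint's new-line-at-end-of-file check and any later appends to the `datasets` list clean. The sibling sysmon_linux entry carries a concrete source while the new entry says `not_applicable`, which reads as a placeholder rather than a decision; if the Isovalent processExec export really has no source field, a comment such as `# not_applicable: the Isovalent processExec export carries no source field (confirm against the collector)` above the line would say so.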
@@ -0,0 +1,13 @@
+author: Bhavin Patel, Splunk
+id: 04085959-2f4e-4804-bebc-64daff81d0c4
+date: '2025-10-28'
+description: This data is created in a K8s cluster running Tetragon and Cisco Isovalent Runtime Security to simulate accessing cloud metadata service.
+environment: not_applicable
+directory: isovalent_cloud_metadata
+mitre_technique:
+- T1552.005
+datasets:
+- name: process_connect
+  path: /datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/process_connect.log
+  sourcetype: cisco:isovalent:processConnect
+  source: not_applicable
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/process_connect.log b/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/process_connect.log
new file mode 100644
index 00000000..7a61b4e0
--- /dev/null
+++ b/datasets/attack_techniques/T1552.005/isovalent_cloud_metadata/process_connect.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d8de75328fd801d6516463f94b0bfd818b7ae731d97ced08feac0a7ecd628403
+size 15752
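Review bot: `environment: not_applicable` sits one line under a description stating the data was created in a K8s cluster running Tetragon and Cisco Isovalent Runtime Security, so a reader cannot tell whether the field is unset or deliberately outside the vocabulary apt_get.yml uses (`environment: attack_range`). A comment above it would settle that, e.g. `# not an attack_range template; captured from a Tetragon-instrumented K8s cluster`, assuming that is what happened. The `description` line also runs well past 120 characters; a folded scalar `description: >-` with the sentence wrapped beneath it yields the identical value and reads better. The dataset file is committed as a Git LFS pointer, so the events themselves are not reviewable in this diff; a short note in the description of what the process_connect log contains (which process, which destination) would let a reader judge coverage without pulling the LFS object.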