diff --git a/datasets/attack_techniques/T1071.004/kerberos_coercion/kerberos_coercion.yml b/datasets/attack_techniques/T1071.004/kerberos_coercion/kerberos_coercion.yml
new file mode 100644
index 00000000..108afdd4
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/kerberos_coercion/kerberos_coercion.yml
@@ -0,0 +1,21 @@
+author: Raven Tait, Splunk
+id: 6f05e912-8743-4328-8ac2-4b0592918dfd
+date: '2025-11-14'
+description: Generated datasets for kerberos coercion using DNS in attack range.
+environment: attack_range
+directory: kerberos_coercion
+mitre_technique:
+- T1071.004
+datasets:
+- name: sysmon.log
+ path: /datasets/attack_techniques/T1071.004/kerberos_coercion/sysmon.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
+- name: suricata.log
+ path: /datasets/attack_techniques/T1071.004/kerberos_coercion/suricata.log
+ sourcetype: suricata
+ source: suricata
+- name: windows-xml.log
+ path: /datasets/attack_techniques/T1071.004/kerberos_coercion/windows-xml.log
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Security
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1071.004/kerberos_coercion/suricata.log b/datasets/attack_techniques/T1071.004/kerberos_coercion/suricata.log
new file mode 100644
index 00000000..68b702bc
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/kerberos_coercion/suricata.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3455bfef4c69cff0466882787edce1d8f508fd58ca4d411ffc2a80f17981ca86
+size 2028
diff --git a/datasets/attack_techniques/T1071.004/kerberos_coercion/sysmon.log b/datasets/attack_techniques/T1071.004/kerberos_coercion/sysmon.log
new file mode 100644
index 00000000..48fd9d11
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/kerberos_coercion/sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a2a1993d49ed6dc9be332d000d82a2162658315bcdce3eaedb59f180ad13538a
+size 3344
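Review bot: In kerberos_coercion.yml, `mitre_technique` lists only T1071.004 (Application Layer Protocol: DNS), which describes DNS used as a command-and-control channel, while the description says the data shows Kerberos coercion via DNS. If the recorded activity is coerced authentication, consider also listing the technique that covers it, e.g. `- T1187` (Forced Authentication), so detections tagged for that behaviour can locate this dataset; this should be confirmed against the captured events, which are not visible here. The `XmlWinEventLog` entries are also quoted inconsistently: `sourcetype: 'XmlWinEventLog'` for sysmon.log but `sourcetype: XmlWinEventLog` and `source: XmlWinEventLog:Security` for windows-xml.log. Pick one form for all three datasets and end the file with a newline.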
diff --git a/datasets/attack_techniques/T1071.004/kerberos_coercion/windows-xml.log b/datasets/attack_techniques/T1071.004/kerberos_coercion/windows-xml.log
new file mode 100644
index 00000000..be4cab18
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/kerberos_coercion/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8838137aa5d4befb877163f1aeb28035792fe8a73674787cea4b9251739da74e
+size 14751