diff --git a/datasets/cisco_secure_firewall_threat_defense/react2shell/react2shell.log b/datasets/cisco_secure_firewall_threat_defense/react2shell/react2shell.log
new file mode 100644
index 00000000..25c691cc
--- /dev/null
+++ b/datasets/cisco_secure_firewall_threat_defense/react2shell/react2shell.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:01c4370bbcd4261c457fc9d7a8ab907f836eb7918b4e841150c77456cee9806a
+size 2331
diff --git a/datasets/cisco_secure_firewall_threat_defense/react2shell/react2shell.yml b/datasets/cisco_secure_firewall_threat_defense/react2shell/react2shell.yml
new file mode 100644
index 00000000..b83782c3
--- /dev/null
+++ b/datasets/cisco_secure_firewall_threat_defense/react2shell/react2shell.yml
@@ -0,0 +1,13 @@
+author: Nasreddine Bencherchali, Splunk
+id: f0aeed06-629e-4d1e-9dae-b4687c779668
+date: '2025-12-08'
+description: Generated datasets for React2Shell exploitation 
+environment: NA
+directory: react2shell
+mitre_technique:
+- T1190
+datasets:
+- name: react2shell_ftd
+  path: /datasets/cisco_secure_firewall_threat_defense/react2shell/react2shell.log
+  sourcetype: cisco:sfw:estreamer
+  source: not_applicable
diff --git a/datasets/emerging_threats/react2shell/react2shell.yml b/datasets/emerging_threats/react2shell/react2shell.yml
index b8e96163..595691cd 100644
--- a/datasets/emerging_threats/react2shell/react2shell.yml
+++ b/datasets/emerging_threats/react2shell/react2shell.yml
@@ -3,7 +3,7 @@ id: f0beed06-629e-4d1e-9dae-b4687c779668
 date: '2025-12-08'
 description: Generated datasets for React2Shell exploitation
 environment: attack_range
-directory: reacr2shell
+directory: react2shell
 mitre_technique:
 - T1059
 - T1059.001