From 0a61418c5babbd92bd37d96dc79ab1dddc99add7 Mon Sep 17 00:00:00 2001
From: research-bot
Date: Tue, 4 Feb 2025 11:37:53 -0800
Subject: [PATCH] adding secure_app alert
---
.../alerts/cisco_secure_app_alerts.log | 3 +++
.../alerts/cisco_secure_app_alerts.yml | 11 +++++++++++
2 files changed, 14 insertions(+)
create mode 100644 datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.log
create mode 100644 datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.yml
diff --git a/datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.log b/datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.log
new file mode 100644
index 00000000..1567fc5e
--- /dev/null
+++ b/datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5f0085892bb50f84cdd9d1d39d45ba888238f4e80820f8da08d82753cca8cfba
+size 6085
diff --git a/datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.yml b/datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.yml
new file mode 100644
index 00000000..a9df5bdf
--- /dev/null
+++ b/datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.yml
@@ -0,0 +1,11 @@
+author: Bhavin Patel
+id: ab41e678-3b34-41ac-ab8e-1eb1ea545c4e
+date: '2024-10-24'
+description: This dataset is from a demo environment for Cisco Secure App alerts with sourcetype appdynamics_security
+environment: NA
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/suspicious_behaviour/alerts/cisco_secure_app_alerts.log
+sourcetypes:
+- appdynamics_security
+references:
+- https://docs.splunk.com/Documentation/AddOns/released/MSSecurity/Sourcetypes
\ No newline at end of file
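Review bot: The `references` entry in cisco_secure_app_alerts.yml points at the `MSSecurity` add-on sourcetypes page, which does not match the `appdynamics_security` sourcetype declared two lines above and looks carried over from another dataset's metadata. Anyone validating a detection against this data would be sent to the wrong field documentation, so it should read `- <URL of the docs for the add-on that emits appdynamics_security>`. The `description` would also be more useful if it named the alert or event types the log holds and confirmed that the demo export carries no real hostnames, user identifiers or tokens; the log is only an LFS pointer in this patch, so that cannot be checked here. The file ends without a trailing newline.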