adding attack data

Author: patel-bhavin

datasets/attack_techniques/T1485/aws_delete_knowledge_base/aws_delete_knowledge_base.yml

@@ -0,0 +1,12 @@
+author: Bhavin Patel
+id: 984e9022-b87b-499a-a260-8d0282c46ea2
+date: '2025-04-10'
+description: Dataset generated from AWS CloudTrail logs capturing the lifecycle of an intentionally exposed S3 bucket, including its creation, public access configuration (via bucket policy and website hosting), and subsequent deletion. This simulates the an activity of a malicious actor deleting a knowledge base from AWS Bedrock.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1485/aws_delete_knowledge_base/cloudtrail.json
+sourcetypes:
+- aws:cloudtrail
+references:
+- https://attack.mitre.org/techniques/T1485/
+

datasets/attack_techniques/T1485/aws_delete_knowledge_base/cloudtrail.json

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9bcaa0a91ea6e97cdc51b6ef6af0258068bab369226a72bfb94dca535d235d9a
+size 1559

datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/aws_bedrock_delete_guardrails.yml

@@ -0,0 +1,11 @@
+author: Bhavin Patel, Splunk
+id: cdd4205f-e570-42ee-add9-048f2ac48a62
+date: '2025-04-10'
+description: Dataset which contains cloudtrail events with a deletes of AWS Bedrock GuardRails
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/cloudtrail.json
+sourcetypes:
+- aws:cloudtrail
+references:
+- https://attack.mitre.org/techniques/T1562/008/

datasets/attack_techniques/T1562.008/aws_bedrock_delete_guardrails/cloudtrail.json

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c2fac3e16c8fc17ae01c697fbd8eb92ba1fc4386547f7f14652d3da8d6f61cd2
+size 1554