From 2cb7eedfabf15ddd971c27ecf3009d5d22324fd6 Mon Sep 17 00:00:00 2001
From: Bhavin Patel
Date: Wed, 6 May 2026 16:15:20 +0530
Subject: [PATCH 1/2] adding new datasets
---
 .../cisco_secure_access/dns/anonymizer_dns.log | 3 +++
 datasets/cisco_secure_access/dns/dns_proxy.yml | 15 +++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 datasets/cisco_secure_access/dns/anonymizer_dns.log
 create mode 100644 datasets/cisco_secure_access/dns/dns_proxy.yml
diff --git a/datasets/cisco_secure_access/dns/anonymizer_dns.log b/datasets/cisco_secure_access/dns/anonymizer_dns.log
new file mode 100644
index 00000000..2a16b608
--- /dev/null
+++ b/datasets/cisco_secure_access/dns/anonymizer_dns.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8b4e0a095cc188323267f1129a2862972a6bb6d84d47205006df60f1aa783411
+size 794
diff --git a/datasets/cisco_secure_access/dns/dns_proxy.yml b/datasets/cisco_secure_access/dns/dns_proxy.yml
new file mode 100644
index 00000000..aaa3dddb
--- /dev/null
+++ b/datasets/cisco_secure_access/dns/dns_proxy.yml
@@ -0,0 +1,15 @@
+author: Bhavin Patel, Splunk
+id: 9ac78446-a25a-42a5-b022-a01de06752e7
+date: '2026-05-06'
+description: |
+ Sample Cisco Secure Access DNS events representing access to proxy-evasion / anonymizer destinations (lab-generated).
+ Events include URL categorization values that contain "Anonymizer" for validation of Cisco SA content aligned to MITRE ATT&CK T1562.001.
+environment: custom
+directory: cisco_secure_access/dns
+mitre_technique:
+ - T1562.001
+datasets:
+ - name: anonymizer_dns
+ path: /datasets/cisco_secure_access/dns/anonymizer_dns.log
+ source: cisco_cloud_security_addon
+ sourcetype: cisco:cloud_security:dns
From 0b94bd7a85b2a8447104c48ebafeedfa48f42613 Mon Sep 17 00:00:00 2001
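Review bot: The `mitre_technique` entry `T1562.001` (Impair Defenses: Disable or Modify Tools) does not match what the `description` lines say the data contains — DNS lookups of anonymizer / proxy-evasion destinations — which ATT&CK files under Proxy, `T1090` / `T1090.003` (Multi-hop Proxy), and the description's last sentence repeats the same mapping. If the Secure Access detection this dataset validates is deliberately tagged T1562.001 (treating anonymizer use as a bypass of the DNS-filtering control), the description should state that so the mapping does not read as an error, e.g. `Mapped to T1562.001 because the paired detection treats anonymizer use as bypassing Secure Access DNS filtering.`; otherwise change the entry to `- T1090.003`. Separately, the `path` value begins with a leading `/` while `directory` two lines above is relative; confirm the dataset loader expects that form, since a mismatch would silently make the sample unreachable in tests.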
From: Bhavin Patel
Date: Wed, 6 May 2026 16:25:52 +0530
Subject: [PATCH 2/2] updating file name
---
 datasets/cisco_secure_access/dns/{dns_proxy.yml => dns.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename datasets/cisco_secure_access/dns/{dns_proxy.yml => dns.yml} (100%)
diff --git a/datasets/cisco_secure_access/dns/dns_proxy.yml b/datasets/cisco_secure_access/dns/dns.yml
similarity index 100%
rename from datasets/cisco_secure_access/dns/dns_proxy.yml
rename to datasets/cisco_secure_access/dns/dns.yml