From ba8be5812baae1e77b7ccf66f2fd10d979fcd059 Mon Sep 17 00:00:00 2001
From: nasbench
Date: Tue, 2 Jun 2026 12:27:19 +0100
Subject: [PATCH] add salt logs

---
 .../{salttyphoon_correlation.yml => salttyphoon.yml} | 6 +++++-
 datasets/emerging_threats/SaltTyphoon/salttyphoon_cisco.log | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)
 rename datasets/emerging_threats/SaltTyphoon/{salttyphoon_correlation.yml => salttyphoon.yml} (57%)
 create mode 100644 datasets/emerging_threats/SaltTyphoon/salttyphoon_cisco.log

diff --git a/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml b/datasets/emerging_threats/SaltTyphoon/salttyphoon.yml
similarity index 57%
rename from datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
rename to datasets/emerging_threats/SaltTyphoon/salttyphoon.yml
index a27050af..5b0d5ae4 100644
--- a/datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.yml
+++ b/datasets/emerging_threats/SaltTyphoon/salttyphoon.yml
@@ -1,7 +1,7 @@
 author: Nasreddine Bencherchali, Splunk
 id: d403fecb-720c-48fb-9d1a-5671f0195513
 date: '2026-01-08'
-description: Generated datasets for Cisco IOS switch exploitation. Correlating Cisco Secure Firewall logs with Cisco IOS logs to detect SaltTyphoon activities.
+description: Generated datasets for Cisco IOS switch exploitation. Including correlation of Cisco Secure Firewall logs with Cisco IOS logs to detect SaltTyphoon activities, as well as standalone IOS XE logs.
 environment: NA
 directory: SaltTyphoon
 mitre_technique:
@@ -11,3 +11,7 @@ datasets:
   path: /datasets/emerging_threats/SaltTyphoon/salttyphoon_correlation.log
   sourcetype: stash
   source: not_applicable
+- name: salttyphoon_cisco
+  path: /datasets/emerging_threats/SaltTyphoon/salttyphoon_cisco.log
+  sourcetype: cisco:ios
+  source: not_applicable
diff --git a/datasets/emerging_threats/SaltTyphoon/salttyphoon_cisco.log b/datasets/emerging_threats/SaltTyphoon/salttyphoon_cisco.log
new file mode 100644
index 00000000..855c4006
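Review bot: The new `salttyphoon_cisco` entry in the datasets hunk says nothing about what the log replays; the only hints are the top-level description's "standalone IOS XE logs" and the commit title "add salt logs", so a detection author cannot tell which Salt Typhoon behaviours this file is meant to exercise without opening it. I would add a short per-entry note above `- name: salttyphoon_cisco`, e.g. `# standalone cisco:ios syslog covering <the IOS XE activity the log contains>`, and name that activity in `description` as well. The `mitre_technique:` list is not changed by the first hunk and its entries are outside the visible lines; if the standalone log exercises techniques beyond the correlation dataset, that list presumably needs extending so the manifest stays accurate. Separately, the added log is committed as a Git LFS pointer (three lines, `size 10386`), so a checkout or CI runner that has not run `git lfs pull` would replay the pointer text instead of IOS events — unless the test harness already verifies LFS objects, it is worth stating this in the dataset README so a detection test does not quietly run against zero events.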
--- /dev/null
+++ b/datasets/emerging_threats/SaltTyphoon/salttyphoon_cisco.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1b15d16661c25e4d201cf671d65aa3b0c4595b96d8323d8bc156ef8dfc4e8c82
+size 10386