diff --git a/datasets/attack_techniques/T1012/backup_product_key_registry/backup_product_key_registry.yml b/datasets/attack_techniques/T1012/backup_product_key_registry/backup_product_key_registry.yml
new file mode 100644
index 00000000..a4b346a2
--- /dev/null
+++ b/datasets/attack_techniques/T1012/backup_product_key_registry/backup_product_key_registry.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: af95e1a6-196c-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for backup product key registry in attack range.
+environment: attack_range
+directory: backup_product_key_registry
+mitre_technique:
+- T1012
+datasets:
+- name: backup_protection.log
+ path: /datasets/attack_techniques/T1012/backup_product_key_registry/backup_protection.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Security'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1012/backup_product_key_registry/backup_protection.log b/datasets/attack_techniques/T1012/backup_product_key_registry/backup_protection.log
new file mode 100644
index 00000000..432e96a9
--- /dev/null
+++ b/datasets/attack_techniques/T1012/backup_product_key_registry/backup_protection.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2b6423cb2660be00a9372e68e3cf380581c4cb85fae3fc3492261dea9de3675e
+size 1254
diff --git a/datasets/attack_techniques/T1012/host_file_accessed/host_file_accessed.yml b/datasets/attack_techniques/T1012/host_file_accessed/host_file_accessed.yml
new file mode 100644
index 00000000..b2a01287
--- /dev/null
+++ b/datasets/attack_techniques/T1012/host_file_accessed/host_file_accessed.yml
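Review bot: The `description` in backup_product_key_registry.yml is a template stub ("Generated datasets for backup product key registry in attack range.") that tells a detection engineer replaying `backup_protection.log` nothing about which registry key was read or with what tool, which is exactly what they need to judge whether a T1012 detection fires for the right reason. The source is the Security log, so these are presumably registry object-access audit events rather than process events — confirm and say so. Suggest `description: Windows Security log events captured in attack range while querying the backup product's registry key; see the paired detection for the exact key path and the tool used.` The file also ends without a trailing newline (`\ No newline at end of file`), which yamllint flags.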
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 1248c214-196d-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for host file accessed in attack range.
+environment: attack_range
+directory: host_file_accessed
+mitre_technique:
+- T1012
+datasets:
+- name: hosts_accessed.log
+ path: /datasets/attack_techniques/T1012/host_file_accessed/hosts_accessed.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Security'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1012/host_file_accessed/hosts_accessed.log b/datasets/attack_techniques/T1012/host_file_accessed/hosts_accessed.log
new file mode 100644
index 00000000..a540f936
--- /dev/null
+++ b/datasets/attack_techniques/T1012/host_file_accessed/hosts_accessed.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dab0cef35984e303f3a480ff3919663597468c143c4db0f1103e07122d180f63
+size 15393
diff --git a/datasets/attack_techniques/T1047/susp_winrar/blank123.log b/datasets/attack_techniques/T1047/susp_winrar/blank123.log
new file mode 100644
index 00000000..1f5a0283
--- /dev/null
+++ b/datasets/attack_techniques/T1047/susp_winrar/blank123.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:57d7d9159fb48e074cd2954cbb2778ec1276502e9ca0bcd64d8f89cedea90fb4
+size 4342
diff --git a/datasets/attack_techniques/T1047/susp_winrar/susp_winrar.yml b/datasets/attack_techniques/T1047/susp_winrar/susp_winrar.yml
new file mode 100644
index 00000000..a4011bbe
--- /dev/null
+++ b/datasets/attack_techniques/T1047/susp_winrar/susp_winrar.yml
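Review bot: `mitre_technique: - T1012` (Query Registry) does not fit a "host file accessed" dataset: the hosts file is a file-system object, not a registry key, so any detection that inherits this mapping from the metadata will carry the wrong ATT&CK tag. If the Security events in `hosts_accessed.log` are file-object access audits, move the dataset out of the `T1012` directory and map it to the file-access technique the paired detection uses; if the simulation actually read a registry value that locates the hosts file, say so in the description so the T1012 tag is justified. Either way `description: Generated datasets for host file accessed in attack range.` should state what was accessed and how. The hunk for host_file_accessed.yml starts on the previous physical line.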
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: ebd77fee-196c-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for susp winrar in attack range.
+environment: attack_range
+directory: susp_winrar
+mitre_technique:
+- T1047
+datasets:
+- name: blank123.log
+ path: /datasets/attack_techniques/T1047/susp_winrar/blank123.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1047/wmic_classes/wmic_classes.yml b/datasets/attack_techniques/T1047/wmic_classes/wmic_classes.yml
new file mode 100644
index 00000000..844675f6
--- /dev/null
+++ b/datasets/attack_techniques/T1047/wmic_classes/wmic_classes.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 8188a806-196d-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for wmic classes in attack range.
+environment: attack_range
+directory: wmic_classes
+mitre_technique:
+- T1047
+datasets:
+- name: wmic_cmd.log
+ path: /datasets/attack_techniques/T1047/wmic_classes/wmic_cmd.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1047/wmic_classes/wmic_cmd.log b/datasets/attack_techniques/T1047/wmic_classes/wmic_cmd.log
new file mode 100644
index 00000000..a8be4e0d
--- /dev/null
+++ b/datasets/attack_techniques/T1047/wmic_classes/wmic_cmd.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4d4894fe9a4d6bc11315788d0cd4f83e5865a7fbb7be9c2441eedd451fe4f8e5
+size 16015
diff --git a/datasets/attack_techniques/T1071.004/upload_files_dns/upload_files.log b/datasets/attack_techniques/T1071.004/upload_files_dns/upload_files.log
new file mode 100644
index 00000000..a88d25cf
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/upload_files_dns/upload_files.log
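Review bot: The dataset file in susp_winrar.yml is named `blank123.log`, which reads like a placeholder left over from the generation run — every other dataset in this commit names its log after the activity (`wmic_cmd.log`, `mpcmdrun_remove.log`, `upload_files.log`). Rename it to something like `susp_winrar.log`, changing `name:` and `path:` together and moving the LFS pointer file with it, so the path in the metadata keeps resolving. The description "susp winrar" under T1047 (WMI) should also say in one sentence how WinRAR relates to WMI in this simulation — presumably WinRAR launched through wmic — because the technique mapping cannot be checked from the metadata as written. The hunk for susp_winrar.yml starts on the previous physical line.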
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fc4a25a46ac4e5dda18b601403c81068905eb52197af6d32ac1c75242b398f17
+size 2083
diff --git a/datasets/attack_techniques/T1071.004/upload_files_dns/upload_files_dns.yml b/datasets/attack_techniques/T1071.004/upload_files_dns/upload_files_dns.yml
new file mode 100644
index 00000000..0b47ed2e
--- /dev/null
+++ b/datasets/attack_techniques/T1071.004/upload_files_dns/upload_files_dns.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: f5d8301e-196d-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for upload files dns in attack range.
+environment: attack_range
+directory: upload_files_dns
+mitre_technique:
+- T1071.004
+datasets:
+- name: upload_files.log
+ path: /datasets/attack_techniques/T1071.004/upload_files_dns/upload_files.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1562.001/mpcmdrun_remove/mpcmdrun_remove.log b/datasets/attack_techniques/T1562.001/mpcmdrun_remove/mpcmdrun_remove.log
new file mode 100644
index 00000000..7cd3c79d
--- /dev/null
+++ b/datasets/attack_techniques/T1562.001/mpcmdrun_remove/mpcmdrun_remove.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0f531ac45216cb4e996f2359f64050edd3bd67f4fc58b9b65d8efd9b8645fc33
+size 5439
diff --git a/datasets/attack_techniques/T1562.001/mpcmdrun_remove/mpcmdrun_remove.yml b/datasets/attack_techniques/T1562.001/mpcmdrun_remove/mpcmdrun_remove.yml
new file mode 100644
index 00000000..d3431df3
--- /dev/null
+++ b/datasets/attack_techniques/T1562.001/mpcmdrun_remove/mpcmdrun_remove.yml
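Review bot: For a T1071.004 (DNS) dataset whose only source is the Sysmon Operational log, upload_files_dns.yml should state which Sysmon event type the log contains and what the query pattern looks like, so a consumer can tell whether `upload_files.log` holds DNS query events or only the process-creation events of the upload tool — the log itself is an LFS pointer here, so that cannot be checked from the diff. Suggest `description: Sysmon events captured in attack range while sending file contents out over DNS queries; intended for detections on Sysmon DNS-query events with long encoded subdomains.`, adjusted to whatever the log actually contains. The file ends without a trailing newline.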
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: 30280a92-196d-11f1-a72e-629be353806a
+date: '2026-03-06'
+description: Generated datasets for mpcmdrun remove in attack range.
+environment: attack_range
+directory: mpcmdrun_remove
+mitre_technique:
+- T1562.001
+datasets:
+- name: mpcmdrun_remove.log
+ path: /datasets/attack_techniques/T1562.001/mpcmdrun_remove/mpcmdrun_remove.log
+ sourcetype: 'XmlWinEventLog'
+ source: 'XmlWinEventLog:Microsoft-Windows-Sysmon/Operational'
\ No newline at end of file
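Review bot: `description: Generated datasets for mpcmdrun remove in attack range.` does not say what was removed, and for a T1562.001 (Impair Defenses) dataset the switch passed to MpCmdRun.exe is the whole point — presumably `-RemoveDefinitions`, possibly with `-All` — because a detection tuned to a different command line would still appear to "pass" against this log. Suggest `description: Sysmon process events captured in attack range while running MpCmdRun.exe to remove Defender signature definitions (T1562.001).`, worded to match the exact command line present in `mpcmdrun_remove.log`. The file also ends without a trailing newline. The hunk for mpcmdrun_remove.yml starts on the previous physical line.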