diff --git a/datasets/cisco_secure_access/firewall/firewall.yml b/datasets/cisco_secure_access/firewall/firewall.yml
new file mode 100644
index 00000000..6b3d0517
--- /dev/null
+++ b/datasets/cisco_secure_access/firewall/firewall.yml
@@ -0,0 +1,29 @@
+author: Bhavin Patel, Splunk
+id: 1fc537db-5e0b-4a2e-a768-27e08eff0c70
+date: '2026-03-19'
+description: |
+  Generated datasets for Cisco Secure Access Firewall EventType by manual /atomic-red team simulations in a K8s cluster running Tetragon
+environment: custom
+directory: cisco_secure_access/firewall
+mitre_technique: []
+datasets:
+- name: firewall
+  path: /datasets/cisco_secure_access/firewall/rdp_brute_force.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
+- name: large_icmp
+  path: /datasets/cisco_secure_access/firewall/large_icmp.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
+- name: ldap
+  path: /datasets/cisco_secure_access/firewall/ldap.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
+- name: outbound_smb
+  path: /datasets/cisco_secure_access/firewall/outbound_smb.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
+- name: nmap
+  path: /datasets/cisco_secure_access/firewall/nmap.log
+  sourcetype: cisco:secure_access:firewall
+  source: cisco_secure_access:firewall
\ No newline at end of file
diff --git a/datasets/cisco_secure_access/firewall/large_icmp.log b/datasets/cisco_secure_access/firewall/large_icmp.log
new file mode 100644
index 00000000..ece48f82
--- /dev/null
+++ b/datasets/cisco_secure_access/firewall/large_icmp.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b7494c86cf3fad8ea5a8f37bb3d21b4d7c4aba694e1973f4f5a9207389786690
+size 428
diff --git a/datasets/cisco_secure_access/firewall/ldap.log b/datasets/cisco_secure_access/firewall/ldap.log
new file mode 100644
index 00000000..39caead1
--- /dev/null
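Review bot: The first entry under `datasets` is named `firewall` but its `path` points at `rdp_brute_force.log`, while the other four entries are named after the log file they reference; renaming it to `- name: rdp_brute_force` keeps the naming consistent and makes the dataset discoverable by the behavior it records. The `description` also looks like it was carried over from a host-telemetry dataset — Tetragon and a Kubernetes cluster have no obvious connection to Cisco Secure Access firewall events — so it is worth confirming how these five logs (RDP brute force, large ICMP, LDAP, outbound SMB, nmap) were actually generated and rewording accordingly. `mitre_technique: []` is left empty even though each log name corresponds to a recognizable ATT&CK behavior; populating it would let detections that consume this dataset be mapped to the framework. Minor: the file is committed without a trailing newline.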
+++ b/datasets/cisco_secure_access/firewall/ldap.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ca284e10d3834a2b6e56116bfb2078cc690eabf05f1b37aff3714d92fc66406c
+size 423
diff --git a/datasets/cisco_secure_access/firewall/nmap.log b/datasets/cisco_secure_access/firewall/nmap.log
new file mode 100644
index 00000000..1986398a
--- /dev/null
+++ b/datasets/cisco_secure_access/firewall/nmap.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5fb3007ad740d51c5af4b6e7b5e5750e9ef833ace9d2c14d325179f834c05981
+size 135478
diff --git a/datasets/cisco_secure_access/firewall/outbound_smb.log b/datasets/cisco_secure_access/firewall/outbound_smb.log
new file mode 100644
index 00000000..e7561ff1
--- /dev/null
+++ b/datasets/cisco_secure_access/firewall/outbound_smb.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1285ed5919c3395964f748be9289448a510baf931c16e7f46666f60c143b695a
+size 9337
diff --git a/datasets/cisco_secure_access/firewall/rdp_brute_force.log b/datasets/cisco_secure_access/firewall/rdp_brute_force.log
new file mode 100644
index 00000000..4690ad63
--- /dev/null
+++ b/datasets/cisco_secure_access/firewall/rdp_brute_force.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:82fc54be49df5a1635be5c8b101c56ae68347e0e7f91f8c39439e5b673030e88
+size 4605