diff --git a/datasets/attack_techniques/T1059/splunk/splunk_mrollup_abuse_audittrail.log b/datasets/attack_techniques/T1059/splunk/splunk_mrollup_abuse_audittrail.log
new file mode 100644
index 00000000..0de8a403
--- /dev/null
+++ b/datasets/attack_techniques/T1059/splunk/splunk_mrollup_abuse_audittrail.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4217fe633d7e00c30281dc4dc100dcf83320d702e46de72fcba04c2a6c6a72a9
+size 82525
diff --git a/datasets/attack_techniques/T1190/splunk/splunk_enterprise_windows_deserialization_file_partition_splunk_python.log b/datasets/attack_techniques/T1190/splunk/splunk_enterprise_windows_deserialization_file_partition_splunk_python.log
new file mode 100644
index 00000000..08c070ee
--- /dev/null
+++ b/datasets/attack_techniques/T1190/splunk/splunk_enterprise_windows_deserialization_file_partition_splunk_python.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cdb53c6d3a8bd06149344cfd467698f90fa5d87eff061b37477a32b4319b1207
+size 366
diff --git a/datasets/attack_techniques/T1548/splunk/splunk_enterprise_kv_store_incorrect_authorization_splunkd_access.log b/datasets/attack_techniques/T1548/splunk/splunk_enterprise_kv_store_incorrect_authorization_splunkd_access.log
new file mode 100644
index 00000000..62aca51e
--- /dev/null
+++ b/datasets/attack_techniques/T1548/splunk/splunk_enterprise_kv_store_incorrect_authorization_splunkd_access.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9e9dbefff77a5afa5a6272e25055f610c1e5bbf9726cd11277d47fec5e494be4
+size 329