diff --git a/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/cisco_secure_endpoint_tampering.yml b/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/cisco_secure_endpoint_tampering.yml
index 9bd53f6b..194882a2 100644
--- a/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/cisco_secure_endpoint_tampering.yml
+++ b/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/cisco_secure_endpoint_tampering.yml
@@ -1,10 +1,11 @@
 author: Nasreddine Bencherchali, Splunk
 id: 98e9387e-4aab-4e59-8e17-2a33b74a8d69
 date: '2025-01-08'
-description: Generated dataset for abusing the sfc.exe binary in order to tamper with Cisco Secure Endpoint.
+description: Generated dataset for abusing Cisco Secure Endpoint "sfc.exe" binary in order to tamper with Cisco Secure Endpoint services and features as well a dataset for tampering with Secure Endpoint services.
 environment: attack_range
 dataset:
 - https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/sfc_tampering.log
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/service_stop.log
 sourcetypes:
 - XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
 references:
diff --git a/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/service_stop.log b/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/service_stop.log
new file mode 100644
index 00000000..88c5688b
--- /dev/null
+++ b/datasets/attack_techniques/T1562.001/cisco_secure_endpoint_tampering/service_stop.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4bc5b5685a35eeea435098ba176cf82366895ed5c85c155807aad834564b0079
+size 2343
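Review bot: The rewritten `description` line in the first hunk has a grammatical slip ("as well a dataset") and does not say which of the two listed files holds which scenario, which is what a detection engineer picking a sample log would want from this manifest. Since the `dataset` list now carries both `sfc_tampering.log` and `service_stop.log`, the sentence can be tightened to name them, e.g. `description: Generated dataset covering abuse of the Cisco Secure Endpoint "sfc.exe" binary to tamper with Secure Endpoint services and features (sfc_tampering.log), as well as a dataset of Secure Endpoint service stop events (service_stop.log).` The file-to-scenario mapping is inferred from the file names, so confirm it matches what was actually captured; the only `sourcetypes` entry is Sysmon Operational, so if the new log also contains non-Sysmon events that list should be extended in the same change. The second hunk is a Git LFS pointer and needs no review.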