From c52f5bce8a83b8da6d42d44ba210eec5c5999e19 Mon Sep 17 00:00:00 2001
From: nasbench <nasreddineb@splunk.com>
Date: Sun, 14 Jun 2026 22:50:45 +0200
Subject: [PATCH] add windchill sample

---
 datasets/emerging_threats/windchill/windchill.yml   | 13 +++++++++++++
 .../windchill/windchill_exploitation.log            |  3 +++
 2 files changed, 16 insertions(+)
 create mode 100644 datasets/emerging_threats/windchill/windchill.yml
 create mode 100644 datasets/emerging_threats/windchill/windchill_exploitation.log

diff --git a/datasets/emerging_threats/windchill/windchill.yml b/datasets/emerging_threats/windchill/windchill.yml
new file mode 100644
index 00000000..614f18be
--- /dev/null
+++ b/datasets/emerging_threats/windchill/windchill.yml
@@ -0,0 +1,13 @@
+author: Nasreddine Bencherchali, Splunk
+id: 7da0e3c4-aa21-40ef-9aed-9f291cb89618
+date: '2026-06-14'
+description: Generated datasets for WindChill exploitation CVE-2026-4681
+environment: NA
+directory: windchill
+mitre_technique:
+- T1190
+datasets:
+- name: windchill_exploitation
+  path: /datasets/emerging_threats/windchill/windchill_exploitation.log
+  sourcetype: log4j
+  source: not_applicable
diff --git a/datasets/emerging_threats/windchill/windchill_exploitation.log b/datasets/emerging_threats/windchill/windchill_exploitation.log
new file mode 100644
index 00000000..208eac75
--- /dev/null
+++ b/datasets/emerging_threats/windchill/windchill_exploitation.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1cd94dc05cc73af1ccb4e815a1469e81667ba22a4d675f045265c507bce4b5ba
+size 5433