From 8593d947fbd8c0114aae25a031b3709b31c4640a Mon Sep 17 00:00:00 2001
From: Raven Tait
Date: Thu, 26 Feb 2026 13:03:49 -0500
Subject: [PATCH] Add aditional mac data
---
.../T1553.001/osquery_gatekeeper/osquery.log | 3 +++
.../T1553.001/osquery_gatekeeper/osquery.yml | 12 ++++++++++++
2 files changed, 15 insertions(+)
create mode 100644 datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.log
create mode 100644 datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.yml
diff --git a/datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.log b/datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.log
new file mode 100644
index 00000000..559256b4
--- /dev/null
+++ b/datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5f649d969aeeb867bd77d0b8412533f832a76ce0f676b24b53426d514273a528
+size 3403
diff --git a/datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.yml b/datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.yml
new file mode 100644
index 00000000..99d9ddeb
--- /dev/null
+++ b/datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.yml
@@ -0,0 +1,12 @@
+author: Raven Tait
+id: 5eeb597e-c6e4-4bd2-8f1e-809dabfeec54
+date: '2026-02-26'
+description: Generation of Mac OSX techniques logged with osquery
+environment: attack_range
+mitre_technique:
+- T1553.001
+datasets:
+- name: osquery:results
+ sourcetype: osquery:results
+ source: osquery:results
+ path: /datasets/attack_techniques/T1553.001/osquery_gatekeeper/osquery.log
\ No newline at end of file
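Review bot: The `description` in osquery.yml ("Generation of Mac OSX techniques logged with osquery") does not say which behaviour the dataset captures, although the path and `mitre_technique` tie it to T1553.001 (Gatekeeper bypass). Someone selecting this dataset to validate a detection needs to know what activity was simulated and which osquery query or table produced the results; something like `description: osquery results from a macOS host during simulated Gatekeeper bypass activity (T1553.001)` would do, adjusted to what was actually run. The log is only a Git LFS pointer in this patch, so its 3403 bytes cannot be reviewed here; it is worth confirming separately that the capture holds no host or user identifiers that should not be published. The file also ends without a trailing newline.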