From 919bd1d5787fb6ede2f618dbecf4ed75f2d1f73b Mon Sep 17 00:00:00 2001
From: Teoderick Contreras <tcontreras@splunk.com>
Date: Thu, 12 Mar 2026 15:45:45 +0100
Subject: [PATCH] quietvault

---
 .../T1480/ai_cli_override/ai_cli_override.yml       | 13 +++++++++++++
 .../T1480/ai_cli_override/gemini_yolo.log           |  3 +++
 2 files changed, 16 insertions(+)
 create mode 100644 datasets/attack_techniques/T1480/ai_cli_override/ai_cli_override.yml
 create mode 100644 datasets/attack_techniques/T1480/ai_cli_override/gemini_yolo.log

diff --git a/datasets/attack_techniques/T1480/ai_cli_override/ai_cli_override.yml b/datasets/attack_techniques/T1480/ai_cli_override/ai_cli_override.yml
new file mode 100644
index 00000000..b44a7020
--- /dev/null
+++ b/datasets/attack_techniques/T1480/ai_cli_override/ai_cli_override.yml
@@ -0,0 +1,13 @@
+author: Teoderick Contreras, Splunk
+id: e37858dc-1e21-11f1-b9d8-629be353806a
+date: '2026-03-12'
+description: Generated datasets for ai cli override in attack range.
+environment: attack_range
+directory: ai_cli_override
+mitre_technique:
+- T1480
+datasets:
+- name: gemini_yolo.log
+  path: /datasets/attack_techniques/T1480/ai_cli_override/gemini_yolo.log
+  sourcetype: 'auditd'
+  source: 'auditd'
\ No newline at end of file
diff --git a/datasets/attack_techniques/T1480/ai_cli_override/gemini_yolo.log b/datasets/attack_techniques/T1480/ai_cli_override/gemini_yolo.log
new file mode 100644
index 00000000..d0f5719d
--- /dev/null
+++ b/datasets/attack_techniques/T1480/ai_cli_override/gemini_yolo.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8ff57a0cf97bd38b134f4c718713ac77e9221be8107c01df5e4e810b60107d89
+size 1629