diff --git a/datasets/attack_techniques/T1003.002/serioussam/windows-xml.log b/datasets/attack_techniques/T1003.002/serioussam/windows-xml.log
new file mode 100644
index 00000000..e9e39994
--- /dev/null
+++ b/datasets/attack_techniques/T1003.002/serioussam/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5fee45165d56b7dc3d5c3f809b940b9a7daf29e71c71119fc2cc7b6f56518ea4
+size 2347
diff --git a/datasets/attack_techniques/T1018/windows_get_adcomputer_unconstrained_delegation_discovery/windows-xml.log b/datasets/attack_techniques/T1018/windows_get_adcomputer_unconstrained_delegation_discovery/windows-xml.log
new file mode 100644
index 00000000..4498de13
--- /dev/null
+++ b/datasets/attack_techniques/T1018/windows_get_adcomputer_unconstrained_delegation_discovery/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9f2ab5c2ceb0644ad46c00e88b8748cf821d60adc9c4b18e14541939fc51c9ab
+size 942
diff --git a/datasets/attack_techniques/T1018/windows_powerview_constrained_delegation_discovery/windows-xml.log b/datasets/attack_techniques/T1018/windows_powerview_constrained_delegation_discovery/windows-xml.log
new file mode 100644
index 00000000..2f3634f0
--- /dev/null
+++ b/datasets/attack_techniques/T1018/windows_powerview_constrained_delegation_discovery/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ccd53d097b64b76d990ee1fe9d09d7f52401115e4fa5a9116dade6948e1dac56
+size 1872
diff --git a/datasets/attack_techniques/T1053.005/svchost_lolbas_execution_process_spawn/windows-xml.log b/datasets/attack_techniques/T1053.005/svchost_lolbas_execution_process_spawn/windows-xml.log
new file mode 100644
index 00000000..519933fd
--- /dev/null
+++ b/datasets/attack_techniques/T1053.005/svchost_lolbas_execution_process_spawn/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:44d9f8b1c6d7e29221c87bfbc57e72a585d5a04f1d3686d6c012dfb9e587a342
+size 1045277
diff --git a/datasets/attack_techniques/T1053.005/winevent_scheduled_task_created_to_spawn_shell/windows-xml.log b/datasets/attack_techniques/T1053.005/winevent_scheduled_task_created_to_spawn_shell/windows-xml.log
new file mode 100644
index 00000000..89cd4bac
--- /dev/null
+++ b/datasets/attack_techniques/T1053.005/winevent_scheduled_task_created_to_spawn_shell/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a6c0a6f8cfffd860b8c3d41ff37f9b6d926ecd6a00ea1f77358569d39943384e
+size 2829
diff --git a/datasets/attack_techniques/T1059/excessive_distinct_processes_from_windows_temp/windows-xml.log b/datasets/attack_techniques/T1059/excessive_distinct_processes_from_windows_temp/windows-xml.log
new file mode 100644
index 00000000..9dcc6d0f
--- /dev/null
+++ b/datasets/attack_techniques/T1059/excessive_distinct_processes_from_windows_temp/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:344344ba7a13b4137cd286a522e93db5cd5aa616d42e52dcde3d6f76bbca1ebd
+size 191553
diff --git a/datasets/attack_techniques/T1069.002/domain_group_discovery_with_adsisearcher/windows-powershell-xml.log b/datasets/attack_techniques/T1069.002/domain_group_discovery_with_adsisearcher/windows-powershell-xml.log
new file mode 100644
index 00000000..b6a9ce47
--- /dev/null
+++ b/datasets/attack_techniques/T1069.002/domain_group_discovery_with_adsisearcher/windows-powershell-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:32edbee79db9df2970e91ca5ed745da9d899c933e3edb2d345585d783538072f
+size 961
diff --git a/datasets/attack_techniques/T1070.001/suspicious_event_log_service_behavior/windows-xml.log b/datasets/attack_techniques/T1070.001/suspicious_event_log_service_behavior/windows-xml.log
new file mode 100644
index 00000000..12203806
--- /dev/null
+++ b/datasets/attack_techniques/T1070.001/suspicious_event_log_service_behavior/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2e21a593c8d04de1db696bec2e9842360b69ee72ea97e2063a67888e83e8159c
+size 10030
diff --git a/datasets/attack_techniques/T1070.001/suspicious_kerberos_service_ticket_request/windows-xml.log b/datasets/attack_techniques/T1070.001/suspicious_kerberos_service_ticket_request/windows-xml.log
new file mode 100644
index 00000000..21e97e65
--- /dev/null
+++ b/datasets/attack_techniques/T1070.001/suspicious_kerberos_service_ticket_request/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b5accc7e16fb3cda3fe214b45a801420d897b4568298e34adc51e6d7490c0012
+size 1106
diff --git a/datasets/attack_techniques/T1070.001/windows_event_log_cleared/windows-xml.log b/datasets/attack_techniques/T1070.001/windows_event_log_cleared/windows-xml.log
new file mode 100644
index 00000000..810e9188
--- /dev/null
+++ b/datasets/attack_techniques/T1070.001/windows_event_log_cleared/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8c6c3c5100a96914176ad8fa31b20cb63197cb105779588b090bd0c101c05cae
+size 878
diff --git a/datasets/attack_techniques/T1078.002/account_lockout/windows-xml-1.log b/datasets/attack_techniques/T1078.002/account_lockout/windows-xml-1.log
new file mode 100644
index 00000000..5ba122ac
--- /dev/null
+++ b/datasets/attack_techniques/T1078.002/account_lockout/windows-xml-1.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f3ff424967d5e552b604f0b6f743ca5e841c8caa901d9be3ed0b8ddcc879a87e
+size 5407
diff --git a/datasets/attack_techniques/T1078.002/suspicious_computer_account_name_change/windows-xml.log b/datasets/attack_techniques/T1078.002/suspicious_computer_account_name_change/windows-xml.log
new file mode 100644
index 00000000..2b112dd0
--- /dev/null
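Review bot: The `suspicious_kerberos_service_ticket_request` dataset is added under `T1070.001`, which in ATT&CK is the event-log-clearing sub-technique, while the directory name describes a Kerberos service-ticket request. The other Kerberos ticket datasets in this commit are filed under `T1558`, `T1558.001`, `T1558.003` and `T1550`. If the detection that consumes this log is tagged with a Kerberos technique, the path should follow that tag, otherwise anyone locating test data by technique ID will miss it. Only the LFS pointer is visible here, so this is inferred from the path alone.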
+++ b/datasets/attack_techniques/T1078.002/suspicious_computer_account_name_change/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2ae30662d9290b21e69d3f936844766e82ddda30e469254f03816eabd44afac8
+size 53725
diff --git a/datasets/attack_techniques/T1078.002/suspicious_ticket_granting_ticket_request/windows-xml.log b/datasets/attack_techniques/T1078.002/suspicious_ticket_granting_ticket_request/windows-xml.log
new file mode 100644
index 00000000..ac5922ed
--- /dev/null
+++ b/datasets/attack_techniques/T1078.002/suspicious_ticket_granting_ticket_request/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a71aea282ca70e9730f04364578b41fed2849a5e73e0198b70913f53c7e3dc4
+size 4574
diff --git a/datasets/attack_techniques/T1087/enumerate_users_local_group_using_telegram/windows-xml.log b/datasets/attack_techniques/T1087/enumerate_users_local_group_using_telegram/windows-xml.log
new file mode 100644
index 00000000..f0458e5f
--- /dev/null
+++ b/datasets/attack_techniques/T1087/enumerate_users_local_group_using_telegram/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a5279b6df59f822656b44729bd00c337bec2925047438734495da45010feaa27
+size 74284
diff --git a/datasets/attack_techniques/T1187/petitpotam/windows-xml-1.log b/datasets/attack_techniques/T1187/petitpotam/windows-xml-1.log
new file mode 100644
index 00000000..72a5283f
--- /dev/null
+++ b/datasets/attack_techniques/T1187/petitpotam/windows-xml-1.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d4a6406499d7921ae8b6abab5d82cd1542f7ff3bd9e494d64c6be9b8b88cbb6d
+size 1166
diff --git a/datasets/attack_techniques/T1187/petitpotam/windows-xml.log b/datasets/attack_techniques/T1187/petitpotam/windows-xml.log
new file mode 100644
index 00000000..bfb015af
--- /dev/null
+++ b/datasets/attack_techniques/T1187/petitpotam/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2c823041c620c8ddeeb47e99e94134ebf6ec8bc173cee9ac3bc5c80fc399c02d
+size 204916
diff --git a/datasets/attack_techniques/T1490/known_services_killed_by_ransomware/windows-xml.log b/datasets/attack_techniques/T1490/known_services_killed_by_ransomware/windows-xml.log
new file mode 100644
index 00000000..41ecfb5c
--- /dev/null
+++ b/datasets/attack_techniques/T1490/known_services_killed_by_ransomware/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:25bdf63c8ae037553f385770e07ee0b16fd12decc420845fd10d31d004e05fa6
+size 2200635
diff --git a/datasets/attack_techniques/T1537/high_frequency_copy_of_files_in_network_share/windows-xml.log b/datasets/attack_techniques/T1537/high_frequency_copy_of_files_in_network_share/windows-xml.log
new file mode 100644
index 00000000..af5b62bf
--- /dev/null
+++ b/datasets/attack_techniques/T1537/high_frequency_copy_of_files_in_network_share/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e21a1fb8a7fd9f6d9c56c767a6afe887b75ff6a4c27084da64407164d69de522
+size 53738
diff --git a/datasets/attack_techniques/T1543.003/windows_krbrelayup_service_creation/windows-xml.log b/datasets/attack_techniques/T1543.003/windows_krbrelayup_service_creation/windows-xml.log
new file mode 100644
index 00000000..bc1d55f4
--- /dev/null
+++ b/datasets/attack_techniques/T1543.003/windows_krbrelayup_service_creation/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9e13bad9bf4516f4b96f4db6c97d7eb5a2f3581686f126028ac3cc6fa7f792d1
+size 2781
diff --git a/datasets/attack_techniques/T1547.012/print_reg/windows-xml.log b/datasets/attack_techniques/T1547.012/print_reg/windows-xml.log
new file mode 100644
index 00000000..d62ccde4
--- /dev/null
+++ b/datasets/attack_techniques/T1547.012/print_reg/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cfacf575e1cf64fe6db6dc6ca2e1d5ffb3e5e5c531289dced837a1e4682c2221
+size 10161
diff --git a/datasets/attack_techniques/T1550/kerberos_tgt_request_using_rc4_encryption/windows-xml.log b/datasets/attack_techniques/T1550/kerberos_tgt_request_using_rc4_encryption/windows-xml.log
new file mode 100644
index 00000000..9db79598
--- /dev/null
+++ b/datasets/attack_techniques/T1550/kerberos_tgt_request_using_rc4_encryption/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3a13b5380b75184d34fe181d4c5ae5a94bf7bf5a671c3a320ebf0c7b738c5ffc
+size 1173
diff --git a/datasets/attack_techniques/T1555/non_chrome_process_accessing_chrome_default_dir/windows-xml.log b/datasets/attack_techniques/T1555/non_chrome_process_accessing_chrome_default_dir/windows-xml.log
new file mode 100644
index 00000000..ff27405d
--- /dev/null
+++ b/datasets/attack_techniques/T1555/non_chrome_process_accessing_chrome_default_dir/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f8cfe7081aaf210146945fe0fa68a8aea843c3b08149172a0147b0065722a3e8
+size 3678
diff --git a/datasets/attack_techniques/T1558.001/kerberos_service_ticket_request_using_rc4_encryption/windows-xml.log b/datasets/attack_techniques/T1558.001/kerberos_service_ticket_request_using_rc4_encryption/windows-xml.log
new file mode 100644
index 00000000..6af09dcc
--- /dev/null
+++ b/datasets/attack_techniques/T1558.001/kerberos_service_ticket_request_using_rc4_encryption/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:841b4bc0bf673cd879d632a521f417362fa31e686f37dd742cede4dae6a66bd4
+size 1106
diff --git a/datasets/attack_techniques/T1558.003/kerberoasting_spn_request_with_rc4_encryption/windows-xml.log b/datasets/attack_techniques/T1558.003/kerberoasting_spn_request_with_rc4_encryption/windows-xml.log
new file mode 100644
index 00000000..4007eaed
--- /dev/null
+++ b/datasets/attack_techniques/T1558.003/kerberoasting_spn_request_with_rc4_encryption/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd4d9e35bd90964710a2f67bd90476ac69301310256bb319b16662aa04821d79
+size 1127
diff --git a/datasets/attack_techniques/T1558.003/unusual_number_of_kerberos_service_tickets_requested/windows-xml.log b/datasets/attack_techniques/T1558.003/unusual_number_of_kerberos_service_tickets_requested/windows-xml.log
new file mode 100644
index 00000000..0c99bf59
--- /dev/null
+++ b/datasets/attack_techniques/T1558.003/unusual_number_of_kerberos_service_tickets_requested/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c316210debb5165cfc8ecf07a8dc3e0ddba54dce7901c3e848dc665e27e6cdae
+size 174287
diff --git a/datasets/attack_techniques/T1558/windows_computer_account_created_by_computer_account/windows-xml.log b/datasets/attack_techniques/T1558/windows_computer_account_created_by_computer_account/windows-xml.log
new file mode 100644
index 00000000..33209279
--- /dev/null
+++ b/datasets/attack_techniques/T1558/windows_computer_account_created_by_computer_account/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b97d044264c5851e38e231d8b78f0640c65b1bdcdf7603568aac396d44f83af8
+size 1883
diff --git a/datasets/attack_techniques/T1558/windows_computer_account_requesting_kerberos_ticket/windows-xml.log b/datasets/attack_techniques/T1558/windows_computer_account_requesting_kerberos_ticket/windows-xml.log
new file mode 100644
index 00000000..9f662552
--- /dev/null
+++ b/datasets/attack_techniques/T1558/windows_computer_account_requesting_kerberos_ticket/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bb71e27465ef59d446e702a2aef8eef81216018cc23a6acce31e321e0661d099
+size 48509
diff --git a/datasets/attack_techniques/T1558/windows_computer_account_with_spn/windows-xml.log b/datasets/attack_techniques/T1558/windows_computer_account_with_spn/windows-xml.log
new file mode 100644
index 00000000..33209279
--- /dev/null
+++ b/datasets/attack_techniques/T1558/windows_computer_account_with_spn/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b97d044264c5851e38e231d8b78f0640c65b1bdcdf7603568aac396d44f83af8
+size 1883
diff --git a/datasets/attack_techniques/T1558/windows_kerberos_local_successful_logon/windows-xml.log b/datasets/attack_techniques/T1558/windows_kerberos_local_successful_logon/windows-xml.log
new file mode 100644
index 00000000..e5e3ad9e
--- /dev/null
+++ b/datasets/attack_techniques/T1558/windows_kerberos_local_successful_logon/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e69fc32bb7ec626f5580cb84aefe09244472bb500c84572a800856c5842a0e11
+size 5303
diff --git a/datasets/attack_techniques/T1562.001/powershell_windows_defender_exclusion_commands/windows-xml.log b/datasets/attack_techniques/T1562.001/powershell_windows_defender_exclusion_commands/windows-xml.log
new file mode 100644
index 00000000..9ef48540
--- /dev/null
+++ b/datasets/attack_techniques/T1562.001/powershell_windows_defender_exclusion_commands/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5588af068a93d3d28e75834bd792c60da031db84498a4c3d067d457a6f3c2b8b
+size 958
diff --git a/datasets/attack_techniques/T1562.001/windows_excessive_disabled_services_event/windows-xml.log b/datasets/attack_techniques/T1562.001/windows_excessive_disabled_services_event/windows-xml.log
new file mode 100644
index 00000000..f4550ad9
--- /dev/null
+++ b/datasets/attack_techniques/T1562.001/windows_excessive_disabled_services_event/windows-xml.log
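Review bot: `T1558/windows_computer_account_with_spn/windows-xml.log` is byte-identical to `T1558/windows_computer_account_created_by_computer_account/windows-xml.log`, added earlier in this commit. Both pointers carry blob `33209279`, `oid sha256:b97d044264c5851e38e231d8b78f0640c65b1bdcdf7603568aac396d44f83af8` and `size 1883`. If the two detections are meant to be validated against different events, one of these pointers refers to the wrong capture and the SPN detection is not really being exercised. If sharing one capture is intentional, say so in the dataset description so a later change to one copy is not assumed to cover both.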
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9cc9905769ac08975f4f9276161049bd44be029ede598b04ea74503e04a82906
+size 46060
diff --git a/datasets/attack_techniques/T1563.002/windows_rdp_connection_successful/windows-xml.log b/datasets/attack_techniques/T1563.002/windows_rdp_connection_successful/windows-xml.log
new file mode 100644
index 00000000..d8719730
--- /dev/null
+++ b/datasets/attack_techniques/T1563.002/windows_rdp_connection_successful/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:75dd2fdc15dd51d00a7a708ad85ca4fcbf4622a172ae51a6397e968c2d2b8a82
+size 2576
diff --git a/datasets/attack_techniques/T1569.002/malicious_powershell_executed_as_a_service/windows-xml.log b/datasets/attack_techniques/T1569.002/malicious_powershell_executed_as_a_service/windows-xml.log
new file mode 100644
index 00000000..ed7021b2
--- /dev/null
+++ b/datasets/attack_techniques/T1569.002/malicious_powershell_executed_as_a_service/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:17ecd8e5711484349afaa259d7b1167a360370dd9c417c3fb52d1dbf1ab792c3
+size 2801
diff --git a/datasets/attack_techniques/T1569.002/windows_service_created_with_suspicious_service_path/windows-xml.log b/datasets/attack_techniques/T1569.002/windows_service_created_with_suspicious_service_path/windows-xml.log
new file mode 100644
index 00000000..25fa6e3f
--- /dev/null
+++ b/datasets/attack_techniques/T1569.002/windows_service_created_with_suspicious_service_path/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e53292f778590f2661d8b6874e89590d02587ff14ca632e04a236259e38a679b
+size 1816
diff --git a/datasets/attack_techniques/T1589.002/kerberos_user_enumeration/windows-xml.log b/datasets/attack_techniques/T1589.002/kerberos_user_enumeration/windows-xml.log
new file mode 100644
index 00000000..66ce0106
--- /dev/null
+++ b/datasets/attack_techniques/T1589.002/kerberos_user_enumeration/windows-xml.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e9d5b9349bc3a1785a3105fc142e3add2ec51432726679541f068ec6f2e56a5f
+size 24598