diff --git a/datasets/attack_techniques/T1068/bluehammer/bluehammer.yml b/datasets/attack_techniques/T1068/bluehammer/bluehammer.yml
index 96721461..ef45bcdd 100644
--- a/datasets/attack_techniques/T1068/bluehammer/bluehammer.yml
+++ b/datasets/attack_techniques/T1068/bluehammer/bluehammer.yml
@@ -4,7 +4,7 @@ date: '2026-04-27'
 description: Generated datasets for Bluehammer privilege escalation
  in attack range.
 environment: attack_range
-directory: snapattack
+directory: bluehammer
 mitre_technique:
 - T1068
 datasets:
diff --git a/datasets/attack_techniques/T1068/redsun/redsun.yml b/datasets/attack_techniques/T1068/redsun/redsun.yml
new file mode 100644
index 00000000..188bf4ce
--- /dev/null
+++ b/datasets/attack_techniques/T1068/redsun/redsun.yml
@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: eaa5b8b2-ca4e-4a9d-a8fd-5dfe2d91a8c8
+date: '2026-05-01'
+description: Generated datasets for RedSun privilege escalation
+ in attack range.
+environment: attack_range
+directory: redsun
+mitre_technique:
+- T1068
+datasets:
+- name: windows-sysmon
+  sourcetype: XmlWinEventLog
+  source: XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
+  path: /datasets/attack_techniques/T1068/redsun/windows-sysmon.log
diff --git a/datasets/attack_techniques/T1068/redsun/windows-sysmon.log b/datasets/attack_techniques/T1068/redsun/windows-sysmon.log
new file mode 100644
index 00000000..3e0d320e
--- /dev/null
+++ b/datasets/attack_techniques/T1068/redsun/windows-sysmon.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:458836f3c5dbdc2975b78c46925a40da9d754cfc61706880a87e2f7350aace1b
+size 8455
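Review bot: The `description:` in the new redsun.yml says only that this is a RedSun privilege-escalation run in attack range, which leaves a detection author guessing at what the attached Sysmon log actually holds before they pull the LFS object. I would extend that field to state which Sysmon event types the log contains and which stage of the run produced them, and, if this repository's dataset schema has a `references:` key (I cannot see the schema from this diff), add a link to the writeup the run was based on. The `directory: redsun` value must also agree with the parent folder of `path:`; the bluehammer hunk in this same commit corrects exactly that field after a copied template, so it is worth checking on every new dataset rather than relying on review to catch it.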