RESILMESH-JAMK-SG-Exercise1-Attacks

The dataset consists of realistic but fully synthetic security event telemetry generated within a controlled and isolated cyber range environment during the capacity building activities for Resilmesh Exercise 1. The data represents simulated cybersecurity incident scenarios and associated baseline system behaviour in virtualised IT environments. The dataset is intended to support cybersecurity research, training, and educational activities, including situational awareness, detection engineering, and cyber resilience analysis. The data does not originate from operational systems and does not contain real-world production or personal data. The dataset includes two exercise cases: - Case 1 – Rogue Device: Unauthorized domain join activity and credential-harvesting behaviour in a simulated enterprise environment. Data collected on 12 November 2025. - Case 2 – Ransomware Scenario: A multi-stage intrusion involving initial access, persistence, lateral movement, and simulated ransomware deployment. Data collected on 13 November 2025. - Contact Point: Jamk University of Applied Sciences ResilMesh Project Jyväskylä, Finland Email: kirjaamo@jamk.fi This research was supported by the ResilMesh project, funded by the European Union's Horizon Europe Framework Programme (HORIZON) under grant agreement 101119681. Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Commission. Neither the European Union nor the granting authority can be held responsible for them.