diff --git a/datasets/attack_techniques/T1491/snapattack/snapattack.log b/datasets/attack_techniques/T1491/snapattack/snapattack.log
new file mode 100644
index 00000000..55abaecf
--- /dev/null
+++ b/datasets/attack_techniques/T1491/snapattack/snapattack.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3dacab92adb8b808d1558ac0b1b9b749e4b00aa7b7581fe6649748817d28a758
+size 4252
diff --git a/datasets/attack_techniques/T1491/snapattack/snapattack.yml b/datasets/attack_techniques/T1491/snapattack/snapattack.yml
new file mode 100644
index 00000000..ae402f5c
--- /dev/null
+++ b/datasets/attack_techniques/T1491/snapattack/snapattack.yml
@@ -0,0 +1,14 @@
+author: Raven Tait, Splunk
+id: 4d3ff572-755b-474d-8239-4989c920ca93
+date: '2026-03-23'
+description: Generated datasets for Windows PowerShell Post Exploitation Common Keywords
+ in attack range.
+environment: attack_range
+directory: snapattack
+mitre_technique:
+- T1491
+datasets:
+- name: snapattack
+ sourcetype: XmlWinEventLog
+ source: XmlWinEventLog:Security
+ path: /datasets/attack_techniques/T1491/snapattack/snaattack.log
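Review bot: The `path` value on the last line of snapattack.yml names `snaattack.log`, but the log this commit adds in the same directory is `snapattack.log`, so a detection test that resolves the dataset through this path would not find the file; it should read `path: /datasets/attack_techniques/T1491/snapattack/snapattack.log`. Separately, the description refers to PowerShell post-exploitation keywords while the entry is filed under `T1491` with `source: XmlWinEventLog:Security`. If the detection this data backs reads PowerShell script-block events or maps to a different technique, the `source` and `mitre_technique` fields would not line up with it, which is worth confirming against the detection's search and annotations before merge.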