added atc-data as submodule

Author: sn0w0tter

.gitmodules

@@ -10,3 +10,6 @@
 [submodule "response/atc_react"]
 	path = response/atc_react
 	url = https://github.com/atc-project/atc-react
+[submodule "data/atc_data"]
+	path = data/atc_data
+	url = https://github.com/atc-project/atc-data

Atomic_Threat_Coverage/Data_Needed/DN_0001_4688_windows_process_creation.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0001_4688_windows_process_creation.md

@@ -1,7 +1,8 @@
-| Title              | DN_0001_4688_windows_process_creation       |
+| Title              | DN0001_4688_windows_process_creation       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | Windows process creation log, not including command line |
-| **Logging Policy** | <ul><li>[LP_0001_windows_audit_process_creation](../Logging_Policies/LP_0001_windows_audit_process_creation.md)</li></ul> |
+| **Logging Policy** | <ul><li>[LP0001_windows_audit_process_creation](../Logging_Policies/LP0001_windows_audit_process_creation.md)</li></ul> |
 | **References**     | <ul><li>[https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4688.md](https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4688.md)</li></ul> |
 | **Platform**       | Windows    |
 | **Type**           | Windows Log        |

Atomic_Threat_Coverage/Data_Needed/DN_0002_4688_windows_process_creation_with_commandline.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0002_4688_windows_process_creation_with_commandline.md

@@ -1,7 +1,8 @@
-| Title              | DN_0002_4688_windows_process_creation_with_commandline       |
+| Title              | DN0002_4688_windows_process_creation_with_commandline       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | Windows process creation log, including command line |
-| **Logging Policy** | <ul><li>[LP_0001_windows_audit_process_creation](../Logging_Policies/LP_0001_windows_audit_process_creation.md)</li><li>[LP_0002_windows_audit_process_creation_with_commandline](../Logging_Policies/LP_0002_windows_audit_process_creation_with_commandline.md)</li></ul> |
+| **Logging Policy** | <ul><li>[LP0001_windows_audit_process_creation](../Logging_Policies/LP0001_windows_audit_process_creation.md)</li><li>[LP0002_windows_audit_process_creation_with_commandline](../Logging_Policies/LP0002_windows_audit_process_creation_with_commandline.md)</li></ul> |
 | **References**     | <ul><li>[https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4688.md](https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4688.md)</li></ul> |
 | **Platform**       | Windows    |
 | **Type**           | Windows Log        |

Atomic_Threat_Coverage/Data_Needed/DN_0003_1_windows_sysmon_process_creation.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0003_1_windows_sysmon_process_creation.md

@@ -1,7 +1,8 @@
-| Title              | DN_0003_1_windows_sysmon_process_creation       |
+| Title              | DN0003_1_windows_sysmon_process_creation       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | Windows process creation log, including command line |
-| **Logging Policy** | <ul><li>[LP_0003_windows_sysmon_process_creation](../Logging_Policies/LP_0003_windows_sysmon_process_creation.md)</li></ul> |
+| **Logging Policy** | <ul><li>[LP0003_windows_sysmon_process_creation](../Logging_Policies/LP0003_windows_sysmon_process_creation.md)</li></ul> |
 | **References**     | <ul><li>[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90001](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90001)</li></ul> |
 | **Platform**       | Windows    |
 | **Type**           | Applications and Services Logs        |

Atomic_Threat_Coverage/Data_Needed/DN_0004_4624_windows_account_logon.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0004_4624_windows_account_logon.md

@@ -1,7 +1,8 @@
-| Title              | DN_0004_4624_windows_account_logon       |
+| Title              | DN0004_4624_windows_account_logon       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | An account was successfully logged on |
-| **Logging Policy** | <ul><li>[LP_0004_windows_audit_logon](../Logging_Policies/LP_0004_windows_audit_logon.md)</li></ul> |
+| **Logging Policy** | <ul><li>[LP0004_windows_audit_logon](../Logging_Policies/LP0004_windows_audit_logon.md)</li></ul> |
 | **References**     | <ul><li>[https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4624.md](https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4624.md)</li></ul> |
 | **Platform**       | Windows    |
 | **Type**           | Windows Log        |

Atomic_Threat_Coverage/Data_Needed/DN_0005_7045_windows_service_insatalled.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0005_7045_windows_service_insatalled.md

@@ -1,5 +1,6 @@
-| Title              | DN_0005_7045_windows_service_insatalled       |
+| Title              | DN0005_7045_windows_service_insatalled       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | A service was installed in the system |
 | **Logging Policy** | <ul><li> Not existing </li></ul> |
 | **References**     | <ul><li>[None](None)</li></ul> |

Atomic_Threat_Coverage/Data_Needed/DN_0006_2_windows_sysmon_process_changed_a_file_creation_time.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0006_2_windows_sysmon_process_changed_a_file_creation_time.md

@@ -1,5 +1,6 @@
-| Title              | DN_0006_2_windows_sysmon_process_changed_a_file_creation_time       |
+| Title              | DN0006_2_windows_sysmon_process_changed_a_file_creation_time       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | Explicit modification of file creation timestamp by a process |
 | **Logging Policy** | <ul><li> Not existing </li></ul> |
 | **References**     | <ul><li>[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90002](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90002)</li><li>[https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-2.md](https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-2.md)</li></ul> |

Atomic_Threat_Coverage/Data_Needed/DN_0007_3_windows_sysmon_network_connection.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0007_3_windows_sysmon_network_connection.md

@@ -1,7 +1,8 @@
-| Title              | DN_0007_3_windows_sysmon_network_connection       |
+| Title              | DN0007_3_windows_sysmon_network_connection       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | TCP/UDP connections made by a process |
-| **Logging Policy** | <ul><li>[LP_0005_windows_sysmon_network_connection](../Logging_Policies/LP_0005_windows_sysmon_network_connection.md)</li></ul> |
+| **Logging Policy** | <ul><li>[LP0005_windows_sysmon_network_connection](../Logging_Policies/LP0005_windows_sysmon_network_connection.md)</li></ul> |
 | **References**     | <ul><li>[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90003](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90003)</li><li>[https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-3.md](https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-3.md)</li></ul> |
 | **Platform**       | Windows    |
 | **Type**           | Applications and Services Logs        |

Atomic_Threat_Coverage/Data_Needed/DN_0008_4_windows_sysmon_sysmon_service_state_changed.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0008_4_windows_sysmon_sysmon_service_state_changed.md

@@ -1,5 +1,6 @@
-| Title              | DN_0008_4_windows_sysmon_sysmon_service_state_changed       |
+| Title              | DN0008_4_windows_sysmon_sysmon_service_state_changed       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | Sysmon service changed status |
 | **Logging Policy** | <ul><li> Not existing </li></ul> |
 | **References**     | <ul><li>[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90004](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90004)</li><li>[https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-4.md](https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-4.md)</li></ul> |

Atomic_Threat_Coverage/Data_Needed/DN_0009_5_windows_sysmon_process_terminated.md renamed to Atomic_Threat_Coverage/Data_Needed/DN0009_5_windows_sysmon_process_terminated.md

@@ -1,5 +1,6 @@
-| Title              | DN_0009_5_windows_sysmon_process_terminated       |
+| Title              | DN0009_5_windows_sysmon_process_terminated       |
 |:-------------------|:------------------|
+| **Author**         | @atc_project        |
 | **Description**    | Process has been terminated |
 | **Logging Policy** | <ul><li> Not existing </li></ul> |
 | **References**     | <ul><li>[https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90005](https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90005)</li></ul> |