diff --git a/datasets/attack_techniques/T1552.007/kube_audit_get_secret/kube_audit_get_secret.json b/datasets/attack_techniques/T1552.007/kube_audit_get_secret/kube_audit_get_secret.json
new file mode 100644
index 00000000..ff725f68
--- /dev/null
+++ b/datasets/attack_techniques/T1552.007/kube_audit_get_secret/kube_audit_get_secret.json
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:12e4ca13e4ae923196ce639243f927f9a22dfaf442be1d4e39f820b16f229ab4
+size 1020
diff --git a/datasets/attack_techniques/T1552.007/kube_audit_get_secret/kube_audit_get_secret.yml b/datasets/attack_techniques/T1552.007/kube_audit_get_secret/kube_audit_get_secret.yml
new file mode 100644
index 00000000..e95a1cef
--- /dev/null
+++ b/datasets/attack_techniques/T1552.007/kube_audit_get_secret/kube_audit_get_secret.yml
@@ -0,0 +1,11 @@
+author: Patrick Bareiss
+id: eeb520c4-bdea-4b79-a13e-6d7036e6ddc2
+date: '2023-12-06'
+description: Kubernetes audit log to retrieve a secret from k8s.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1552.007/kube_audit_get_secret/kube_audit_get_secret.json
+sourcetypes:
+- aws:cloudwatchlogs
+references:
+- https://attack.mitre.org/techniques/T1552/007/
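Review bot: The `description` in kube_audit_get_secret.yml does not tell a detection author what the sample contains or where it was collected. The `aws:cloudwatchlogs` sourcetype suggests a cluster audit log delivered through CloudWatch Logs, but that is inferred, so if it is accurate I would write it out, for example `description: Kubernetes audit log event, collected through AWS CloudWatch Logs, recording a get request on a Secret.` The JSON is only a Git LFS pointer in this diff, so its content cannot be reviewed here. Before it is published from `master`, it is worth confirming that the captured event was recorded at an audit level that omits the Secret's data, and that account identifiers or tokens in the event have been scrubbed.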