diff --git a/datasets/attack_techniques/T1204/kubernetes_unauthorized_access/kubernetes_unauthorized_access.json b/datasets/attack_techniques/T1204/kubernetes_unauthorized_access/kubernetes_unauthorized_access.json
new file mode 100644
index 00000000..e168338e
--- /dev/null
+++ b/datasets/attack_techniques/T1204/kubernetes_unauthorized_access/kubernetes_unauthorized_access.json
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dff87213032a06345d98bac6b26f7486080e17b9e744f38b2bf6553bc0bae65f
+size 1357
diff --git a/datasets/attack_techniques/T1204/kubernetes_unauthorized_access/kubernetes_unauthorized_access.yml b/datasets/attack_techniques/T1204/kubernetes_unauthorized_access/kubernetes_unauthorized_access.yml
new file mode 100644
index 00000000..08c2d615
--- /dev/null
+++ b/datasets/attack_techniques/T1204/kubernetes_unauthorized_access/kubernetes_unauthorized_access.yml
@@ -0,0 +1,11 @@
+author: Patrick Bareiss
+id: 4db6594e-9e8c-4223-8681-262d06b4b4d3
+date: '2023-12-07'
+description: Kubernetes audit logs which contains a forbidden access to a namespace.
+environment: attack_range
+dataset:
+- https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/attack_techniques/T1204/kubernetes_unauthorized_access/kubernetes_unauthorized_access.json
+sourcetypes:
+- aws:cloudwatchlogs
+references:
+- https://attack.mitre.org/techniques/T1204
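Review bot: The `description` in the new .yml is too thin for someone choosing a dataset for detection testing: it does not say which platform produced the audit logs or what marks the request as forbidden, and `sourcetypes` lists only `aws:cloudwatchlogs`, which suggests (but does not state) audit logs shipped through CloudWatch. I would reword it along the lines of `description: Kubernetes audit logs (collected via AWS CloudWatch) that contain a forbidden (HTTP 403) request to a namespace.`, adjusting the parenthetical details to what the JSON actually holds. The directory and the `references` entry map this to T1204 (User Execution); a denied namespace access does not obviously demonstrate that technique, so please confirm the mapping matches the detection this dataset is meant to exercise. The `dataset` URL also tracks `master`, so consumers fetch whatever is current there, and the sha256 in the LFS pointer added by this commit is the only integrity reference for the file.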