diff --git a/datasets/cisco_secure_access/dns/dns.yml b/datasets/cisco_secure_access/dns/dns.yml
index aaa3dddb..6b9e0b8a 100644
--- a/datasets/cisco_secure_access/dns/dns.yml
+++ b/datasets/cisco_secure_access/dns/dns.yml
@@ -1,4 +1,4 @@
-author: Bhavin Patel, Splunk
+author: Mahamudul Chowdhury, Bhavin Patel, Splunk
 id: 9ac78446-a25a-42a5-b022-a01de06752e7
 date: '2026-05-06'
 description: |
diff --git a/datasets/cisco_secure_access/proxy/automated_web_recon_http_errors.log b/datasets/cisco_secure_access/proxy/automated_web_recon_http_errors.log
new file mode 100644
index 00000000..a141a0ec
--- /dev/null
+++ b/datasets/cisco_secure_access/proxy/automated_web_recon_http_errors.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9d54995b5a8189243e2579996f95cc75fa3ef15e20997f4ddc08f24f76f431c2
+size 277033
diff --git a/datasets/cisco_secure_access/proxy/proxy.yml b/datasets/cisco_secure_access/proxy/proxy.yml
new file mode 100644
index 00000000..4f4456c6
--- /dev/null
+++ b/datasets/cisco_secure_access/proxy/proxy.yml
@@ -0,0 +1,15 @@
+author: Mahamudul Chowdhury, Bhavin Patel, Splunk
+id: b25742dd-1536-4173-a3fa-19f1583c834f
+date: '2026-05-08'
+description: |
+ Sample Cisco Secure Access proxy events representing automated web reconnaissance behavior.
+ The dataset includes high-volume HTTP 401/403/404 access errors across many unique URLs from a single source, consistent with directory and content enumeration tooling.
+environment: custom
+directory: cisco_secure_access/proxy
+mitre_technique:
+ - T1595
+datasets:
+ - name: automated_web_recon_http_errors
+ path: /datasets/cisco_secure_access/proxy/automated_web_recon_http_errors.log
+ source: cisco_cloud_security_addon
+ sourcetype: cisco:cloud_security:proxy
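Review bot: The `mitre_technique` list in the new proxy.yml names only the parent technique T1595, although the description says the events are consistent with directory and content enumeration, which ATT&CK tracks as sub-technique T1595.003 (Wordlist Scanning). Adding `- T1595.003` under the parent entry would let detections tagged with the sub-technique find this dataset, assuming the dataset schema accepts sub-technique ids. The description would also benefit from one sentence on how the events were produced or sanitized, since `environment: custom` does not tell a consumer whether the source addresses and URLs in the 277033-byte log are synthetic or taken from captured traffic.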