diff --git a/datasets/cisco_secure_access/firewall/firewall.yml b/datasets/cisco_secure_access/firewall/firewall.yml
index b701f0e3..b3fc3364 100644
--- a/datasets/cisco_secure_access/firewall/firewall.yml
+++ b/datasets/cisco_secure_access/firewall/firewall.yml
@@ -30,4 +30,4 @@ datasets:
 - name: smb
 path: /datasets/cisco_secure_access/firewall/smb.log
 source: cisco_cloud_security_addon
- sourcetype: cisco:cloud_security:firewall
+ sourcetype: cisco:cloud_security:firewall
\ No newline at end of file
diff --git a/datasets/cisco_secure_access/ravpn/ravpn.yml b/datasets/cisco_secure_access/ravpn/ravpn.yml
new file mode 100644
index 00000000..cdb5484e
--- /dev/null
+++ b/datasets/cisco_secure_access/ravpn/ravpn.yml
@@ -0,0 +1,14 @@
+author: Bhavin Patel, Splunk
+id: 8b2f4c1e-9a0d-4e8b-b7c3-1d2e3f4a5b6c
+date: '2026-04-27'
+description: |
+ This dataset is based on the Cisco Secure Access RAVPN security event schema and the data here is generated from various simulated activities in a controlled lab environment.
+environment: custom
+directory: cisco_secure_access/ravpn
+mitre_technique:
+ - T1110
+datasets:
+ - name: ravpn_high_auth_failures
+ path: /datasets/cisco_secure_access/ravpn/ravpn_high_auth_failures.log
+ source: not_applicable
+ sourcetype: cisco:secure_access:security_events_ravpn
diff --git a/datasets/cisco_secure_access/ravpn/ravpn_high_auth_failures.log b/datasets/cisco_secure_access/ravpn/ravpn_high_auth_failures.log
new file mode 100644
index 00000000..4c2dbb84
--- /dev/null
+++ b/datasets/cisco_secure_access/ravpn/ravpn_high_auth_failures.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:97ad279dd45620c84cd4e51e25a5158c65d0d7a034e5f532bfc611fcff17391d
+size 47899
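Review bot: In ravpn.yml the dataset entry sets `source: not_applicable`, while the firewall dataset for the same product in this diff uses a concrete add-on name (`source: cisco_cloud_security_addon`) and a different sourcetype prefix (`cisco:cloud_security:` versus `cisco:secure_access:`). A detection validated by replaying this log is only meaningful if the replayed events carry the source and sourcetype that the production add-on assigns, so both values should be confirmed against the add-on's real output; if the placeholder is intentional, a one-line comment above it, for example `# source is not set by the add-on for RAVPN events`, would record that. The `id` value also ends in a sequential-looking run (`1d2e3f4a5b6c`), which suggests it was written by hand rather than generated; a freshly generated UUID avoids an accidental collision with another dataset id.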