MITRE ATT&CK® Dictionary

What is data source in MITRE ATT&CK®?

An ATT&CK data source describes a category of information that can support detection, such as process, file, network, cloud, or identity telemetry. Data sources help teams identify what evidence is needed to observe a behavior.

Glexia analyst context

How this term helps security teams

Glexia maps data sources to logging gaps, SIEM coverage, and detection engineering priorities.

Common use cases

Where practitioners use this concept

  • SOC telemetry assessment
  • SIEM onboarding
  • Detection coverage mapping

Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.