Live Active security incident? Get immediate response
MITRE ATT&CK® Dictionary

What is sub-technique in MITRE ATT&CK®?

A sub-technique is a more specific variation of an ATT&CK technique. It gives defenders additional precision when a broad behavior, such as command execution, has important platform or tradecraft-specific forms.

40-second answer

A sub-technique is a more specific variation of an ATT&CK technique. It gives defenders additional precision when a broad behavior, such as command execution, has important platform or tradecraft-specific forms.

Glexia analyst context

How this term helps security teams

Sub-techniques help Glexia separate generic coverage claims from measurable detection and telemetry requirements.

Common use cases

Where practitioners use this concept

  • Control validation
  • Telemetry requirements
  • Threat-informed testing
Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.

Official MITRE ATT&CK site Official STIX data repository MITRE ATT&CK terms of use