Following the MITRE ATT&CK™ Evaluation of endpoint detection and response (EDR) solutions, I’ve heard a lot of confusion surrounding the various terms MITRE used, particularly the terms “detections,” “telemetry” and the qualifier “tainted,” which MITRE applied to certain types of telemetry they observed in their evaluation. Each of these terms represents a very different type of data, and each plays a critical role in a successful EDR solution.

https://www.crowdstrike.com/blog/mitre-attck-why-detections-and-tainted-telemetry-are-required-for-an-effective-edr-solution/