How do we collect the right data for the detection of specific adversarial techniques?" That is a very important and common question for organizations planning on leveraging ATT&CK for their defensive strategy. One approach might be reading the data sources metadata available per each technique in the ATT&CK framework. That is a good first step, and it is already helping organizations to integrate the framework with their current security controls. However, as you go deeper into the specific recommended data sources per technique, it is very important to understand that not every technique variation requires the same data sources. In addition, there needs to be a way to validate if what we are collecting aligns with the data analytics being created. In this talk, we will share our current experiences contributing to the "Data Sources" section of ATT&CK framework and the Cyber Analytics Repository (CAR) project. We will show how to use pre-captured datasets from our open source project named Mordor to expedite simulation of adversarial techniques and validation of data analytics. In addition, we will show how we leverage Jupyter Notebooks to develop and test data analytics from projects like CAR to finish the validation process and provide recommendations