When using Splunk's Security Essentials: MITRE ATT&CK Framework, we are lacking a significant amount of alerts. We used to have around 1500 in active and 300-ish on needs data; however, overnight it dropped to the 200 mark total (between active and needs data). The following troubleshooting steps have been taken:
1. Updated content with the "force update under system configuration".
2. Verified communication to the URLs (yes, it can connect).
3. Uninstalled and reinstalled the current SSE version; this cleared the data mapping. Upon install it showed enabled 0 - active 0 - missing data 1715:
After the weekend it dropped to 0-8-195.
4. After I rebuilt the data inventory it looked as such:
Here are some SS of the security content:
1. Shows content
2. Dropdown shows 12 MITRE ATT&CK platforms, but the dropdown is all 0s.
3. Sometimes the data sources would show a filter of none, with 1300+ items, like the item below 134, and sometimes it just doesn't appear.
4. MITRE map missing from the configuration tags