Questions
CyberHajime commented
I have a few questions about the tool. Possibly it's because I'm not so familiar with the whole topic. But I'm not alone here, as far as I know, and if you decide to pin the answers somewhere, it will be great!
- Which file or folder should be imported from the .zip baseline (as obtained from the MS site) to have a baseline imported? It's interesting in case we would like to create a custom baseline and import it into the tool.
- In a video from hack.lu you showed that only a small area of MITRE ATT&CK is supported, but from the GUI it seems like the whole matrix is. What are the limitations of working with other parts of the matrix? And maybe, if they are strict, for example if wrong mapping occurred, you could note this in the readme.
- How exactly do you map ATT&CK techniques to event IDs? Are you just going case by case, or is there a list with this mapping?
- Is there any place where we can find YAML files already imported into the tool?