cisagov / decider

A web application that assists network defenders, analysts, and researchers in the process of mapping adversary behaviors to the MITRE ATT&CK® framework.


What is this actually for?

jasonculligan opened this issue · comments

I'm really sorry if this seems like a stupid question, but... what does this actually do? I've installed it, tried out some pretend scenarios, got info on what the adversary might be doing, and past exploits that used the same techniques. Then what? I seem to exit with little to no new information than I entered the app with.

Hi @jasonculligan,
No worries - not a stupid question at all!

Decider ultimately tries to make the process of mapping to the ATT&CK® Framework easier by offering:

  • A question tree with pagination of results (structures your progress)
  • Technique search + filtering options
  • Suggestions of other techniques that may have occurred

Decider does not intend to replace the ATT&CK site - but rather, it acts as a complementary tool that leads you there in the end.

Armed with mappings - one can:

  • View Mitigations that impede / prevent such attack vectors
  • View methods of Detection for such activities
  • Communicate observed behaviors
  • (on Navigator) View the overlap of attack activities against:
    • Their ability to detect / defend against techniques
    • Techniques commonly used by APTs / groups
      • Note: attribution is more involved than just overlaying actions performed

I hope this answers your question well!
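As an added illustration of the Navigator overlap step described in the answer above (this is example code written for this page, not part of the Decider project), the block below takes a constructed set of technique IDs mapped during an investigation and a constructed set of techniques the team can already detect, and builds an ATT&CK Navigator layer that colours each observed technique by whether a detection exists. The version strings in the layer are placeholders you must set to match your Navigator instance.

```python
import json

# Constructed sample input: technique IDs mapped with Decider for one incident
# (hypothetical values chosen for this example, not from the issue above).
OBSERVED = {"T1566.001", "T1059.001", "T1047", "T1021.002", "T1486"}

# Constructed sample input: techniques the team believes it can already detect,
# e.g. from a detection-coverage review (also hypothetical).
DETECTED = {"T1059.001", "T1047", "T1021.002", "T1003.001"}


def overlap_scores(observed, detected):
    """Score each observed technique: 2 = observed and detectable, 1 = observed, no detection."""
    return {tid: (2 if tid in detected else 1) for tid in sorted(observed)}


def detection_gaps(observed, detected):
    """Observed techniques with no detection: the list to prioritise next."""
    return sorted(observed - detected)


def build_layer(observed, detected, name="Decider mappings vs detection coverage"):
    """Return an ATT&CK Navigator layer (as a dict) overlaying observed techniques
    on detection coverage. The 'versions' values are placeholders; set them to the
    ATT&CK / Navigator / layer-format versions your Navigator instance expects."""
    techniques = [
        {
            "techniqueID": tid,
            "score": score,
            "comment": "observed; detection exists" if score == 2 else "observed; detection gap",
            "enabled": True,
            "showSubtechniques": False,
        }
        for tid, score in overlap_scores(observed, detected).items()
    ]
    return {
        "name": name,
        "versions": {"attack": "<ATTACK_VERSION>", "navigator": "<NAV_VERSION>", "layer": "<LAYER_VERSION>"},
        "domain": "enterprise-attack",
        "description": "Techniques mapped in Decider, coloured by whether a detection exists.",
        "techniques": techniques,
        # score 1 (gap) renders red, score 2 (covered) renders green
        "gradient": {"colors": ["#f44336", "#4caf50"], "minValue": 1, "maxValue": 2},
        "legendItems": [
            {"label": "observed, detectable", "color": "#4caf50"},
            {"label": "observed, detection gap", "color": "#f44336"},
        ],
    }


if __name__ == "__main__":
    print(json.dumps(build_layer(OBSERVED, DETECTED), indent=2))
    print("detection gaps:", detection_gaps(OBSERVED, DETECTED))
```

Save the printed JSON to a file and open it in Navigator via "Open Existing Layer" to see the overlap; the `detection gaps` list is the set of observed techniques with no detection.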