For some techniques, it's hard to know ahead of time just how to do a full mapping. For example, consider the above screenshot for the ATT&CK technique of "Command-Line Interface". Technically those are executing commands via the command-line, so the mappings works; however, additional mappings can be made based on the commands be executed. If the command is
id then it's reasonable to have a secondary ATT&CK mapping of "System Owner/User Discovery". This is something potentially only known after the fact of execution.