| 1 Definition | 2 Functional Requirements | 3 Syntax |
| 4 Semantics | 5 Conformance Testing | 6 Performance Assessment |
1 Definition
The set of Statements related to Primary Risks.
2 Functional Requirements
See the Primary Risk Data in Semantics.
3 Syntax
https://schemas.mpai.community/CUI1/V2.0/data/PrimaryRiskStatements.json
4 Semantics
| Label | Description |
| Header | Space-Time Header |
| – Standard-Object | The characters “CUI-PRS-V” |
| – Version | Major version – 1 or 2 characters |
| – Dot-separator | The character “.” |
| – Subversion | Minor version – 1 or 2 characters |
| MInstanceID | Identifier of Virtual Space. |
| RiskStatementTime | Risk Statement Time |
| PrimaryRiskData | Set of Risk Statements |
| – RiskName | Risk name according to Taxonomy. |
| – AIMID | ID of AIM processing the Risk of Risk name. |
| – RiskData | JSON of the AIM in AIMID. |
| DescrMetadata | Descriptive Metadata |
Informative example of the semantics of the third column for Primary Risk Data of a Cyber Risk AIM.
| Label | Description |
| PrimaryRiskData | Set of Risk Statements |
| – AttackerSourceIP | |
| – AttackDetectionTime | Time the attack was started or detected. |
| – VectorProviderOrSource | Provider of input vector or external source. |
| – Type | IP address |
| – AttackSorceIPAddress | IP address of source of attack |
| – DoSDestinationIP | |
| – AttackDetectionTime | Time the DoS was detected. |
| – VectorProviderOrSource | Provider of input vector or external source. |
| – Type | Type: IP address |
| – AttackDestinationIPAddress | IP address of destination of attack |
| – SourcePort | |
| – AttackDetectionTime | Time the flow was started or detected. |
| – Vector ProviderOrSource | Provider of input vector or external source. |
| – Type | Number |
| – AttachSourcePortNumber | Port number from which the packet was sent. |
| – DestinationPort | |
| – AttackDetectionTime | Time the flow was started or detected. |
| – Vector ProviderOrSource | Provider of input vector or external source. |
| – Type | Number |
| – AttackDestinationPortNumber | The port number to which the packet is directed. |
| – Protocol | |
| – AttackDetectionTime | |
| – Vector ProviderOrSource | |
| – Type | |
| – CommunicationProtocol | |
| – Duration | |
| – StartAndEndTimeTime | |
| – Vector ProviderOrSource | |
| – Type | |
| – AttackDuration | |
| – Packets | |
| – AttackDetectionTime | |
| – Vector ProviderOrSource | |
| – Type | |
| – TransmittedPacktetsNumber | |
| – Bytes | |
| – AttackDetectionTime | |
| – Vector ProviderOrSource | |
| – Type | |
| – DataTransferVolume | |
| – RequestFrequency | |
| – AttackDetectionTime | |
| – Vector ProviderOrSource | |
| – Type | |
| – OccurrenceOfFlowRate | |
| – IPAddressEntropy | |
| – AttackDetectionTime | |
| – Vector ProviderOrSource | |
| – Type | |
| – SourceDiversity | |
| – TCPFlag | |
| – AttackDetectionTime | |
| – Vector ProviderOrSource | |
| – Type | |
| – TCPPacketsFlag |
5 Conformance Testing
A Data instance Conforms with Primary Risk Statements (CUI-PRS) V2.0 if:
- The Data validates against the Primary Risk Statements’ JSON Schema.
- All Data in the Primary Risk Statements’ JSON Schema
- Have the specified type.
- Validate against their JSON Schemas.
- Conform with their Data Qualifiers if present.
