Configuring TARA Methodology
|
Note |
|---|
|
The report generation will works smoothly only if the changes in the methodology are also made to the Latex templates. |
MethodologyDataHeader
Type: Object
Description: Contains metadata about the methodology used.
|
Keys |
Type |
Description |
|---|---|---|
|
MethodologyKey |
String |
A unique identifier for the methodology |
|
MethodologyType |
String |
The type of methodology i.e., AP and LE are the only valid values |
|
Version |
String |
The version of the methodology |
LikelihoodCategories
Type: Array of Objects
Description: A list of categories that can be rated.
|
Keys |
Type |
Description |
|---|---|---|
|
Id |
Integer |
A unique identifier for the category |
|
Name |
String |
The full name of the category |
|
Description |
String or Null |
A description of the category (can be null) |
|
ShortName |
String |
A short representation of the category |
|
Icon |
String |
A code representing an icon associated with the category |
LikelihoodRanges
Type: Array of Objects
Description: A list of ranges for category rating.
|
Keys |
Type |
Description |
|---|---|---|
|
Id |
Integer |
A unique identifier for the range |
|
Name |
String |
The name of the range |
|
Description |
String or Null |
A description of the range (can be null) |
|
NumericLowerLimit |
Integer |
The lower limit of the numeric range |
|
NumericUpperLimit |
Integer |
The upper limit of the numeric range |
|
ColorCode |
String |
A color code associated with the range |
AttackerTypes
Type: Array of Objects
Description: A list of different types of attackers.
|
Keys |
Type |
Description |
|---|---|---|
|
Id |
Integer |
A unique identifier for the attacker type |
|
Name |
String |
The name of the attacker type |
|
ShortName |
String or Null |
A short representation of the attacker type (can be null) |
|
Definition |
String |
A detailed definition of the attacker type |
|
Prerequisites |
String |
The prerequisites needed for this attacker type to perform an attack |
|
Examples |
String |
Examples of individuals or groups that fit this attacker type |
|
Scores |
Object |
A set of score associated with the attacker type, where keys are reference "LikelihoodCategories" (IDs of those categories) and reference "LikelihoodRanges" (IDs of that ranges) |
MultiCategoryImpact
Type: Boolean
Description: Indicates whether multiple categories of impact are considered.
ImpactCategories
Type: Array of Objects
Description: A list of impact categories.
|
Keys |
Type |
Description |
|---|---|---|
|
Id |
Integer |
A unique identifier for the impact category |
|
Name |
String |
The full name of the impact category |
|
Description |
String or Null |
A description of the impact category (can be null) |
|
ShortName |
String or Null |
A short representation of the impact category (can be null) |
|
Icon |
String or Null |
A code representing an icon associated with the category (can be null) |
ImpactRanges
Type: Array of Objects
Description: A list of ranges for impact assessments.
|
Keys |
Type |
Description |
|---|---|---|
|
Id |
Integer |
A unique identifier for the impact range |
|
Name |
String |
The name of the impact range |
|
Description |
String or Null |
A description of the impact range (can be null) |
|
NumericValue |
Integer |
A numeric value representing the impact |
|
ColorCode |
String |
A color code associated with the impact range |
SecurityRisks
Type: Array of Objects
Description: A list of security risks.
|
Keys |
Type |
Description |
|---|---|---|
|
Id |
Integer |
A unique identifier for the security risk |
|
Value |
Integer |
A numeric value representing the severity of the risk |
|
Name |
String |
The name of the security risk |
|
ColorCode |
String |
A color code associated with the security risk |
SecurityProperties
Type: Array of Objects
Description: A list of security properties.
|
Keys |
Type |
Description |
|---|---|---|
|
Value |
Integer |
A numeric value representing the security property |
|
Name |
String |
The name of the security property |
|
PrefixForThreat |
String |
A prefix used for describing threats related to the property |
SecurityRiskMatrix
Type: Array of Objects
Description: A matrix linking impact ranges, likelihood ranges, and security risks.
|
Keys |
Type |
Description |
|---|---|---|
|
ImpactRangeId |
Integer |
The ID of the associated impact range |
|
LikelihoodRangeId |
Integer |
The ID of the associated likelihood range |
|
SecurityRiskId |
Integer |
The ID of the associated security risk |
LikelihoodScores
Type: Array of Objects
Description: A list of scores for different likelihood categories.
|
Keys |
Type |
Description |
|---|---|---|
|
CategoryId |
Integer |
The ID of the likelihood category |
|
Name |
String |
The name of the likelihood score |
|
Value |
Integer |
The numeric score for the likelihood |
|
Description |
String or Null |
A description of the likelihood score (can be null) |
ResponsibleDefaultValues
Type: Array of Strings
Description: A list of default values related to responsibility.
ImpactScores
Type: Array of Objects
Description: A list of scores for different impact categories.
|
Keys |
Type |
Description |
|---|---|---|
|
CategoryId |
Integer |
The ID of the impact category |
|
Name |
String |
The name of the impact score |
|
Value |
Integer |
The numeric score for the impact |
|
Description |
String or Null |
A description of the impact score (can be null) |
ExtendedTreatments
Type: Array of Objects
Description: A list of extended treatments.
|
Keys |
Type |
Description |
|---|---|---|
|
Id |
Integer |
A unique identifier for the treatment |
|
Name |
String |
The name of the treatment |