Sample Document. This report illustrates the structure and content of a Manifest Comparison Report produced by the RiskOpsBench 1.0 analysis engine. It is derived from two reference Domain Blueprint Manifest configurations for the Enterprise Cybersecurity Threat Operations domain. Client comparison reports are compiled from the client’s own manifests and are not shared with other participants. All structural values in this sample are computed from actual reference configurations using the deterministic scoring engine.
Eagle Score Impact
Eagle Score and maturity level shift produced by the structural changes between the two manifest versions.
Manifest A · v1.0
Infrastructure Intrusion Detection
44
L3 Traceable
Manifest B · v1.5.0-Hardened
Enterprise Cyber-Defense Operations
71
L4 Auditable
Manifest Configuration Overview
Key structural parameters for each manifest version. These parameters drive corpus generation and Eagle Framework scoring.
Manifest A
Infrastructure Intrusion Detection
cybersecurity-threat-ops · v1.0
Decision Space5 actions
Evidence Types6 signals
Observer Nodes3 observers
MITRE Techniques4
OWASP Categories2
Target State Prior0.35 (scalar)
Partial Obs. Rate0.30
Training Split0.60
Manifest B
Enterprise Cyber-Defense Operations
cybersecurity_v2 · v1.5.0-Hardened
Decision Space6 actions +1
Evidence Types12 signals +6
Observer Nodes6 observers +3
MITRE Techniques8 +4
OWASP Categories5 +3
Target State Prior0.15 (per-class object)
Partial Obs. Rate0.25
Training Split0.50
Structural Comparison
Expandable sections for each structural dimension. Click a section to view the detailed comparison of Manifest A and Manifest B configurations.
Manifest A · 6 types
Perimeter and session detection signals covering edge, CDN, and identity layers.
TLS_FINGERPRINT
DEVICE_FINGERPRINT
ASN_REPUTATION
VPN_DETECTION
COOKIE_CONSISTENCY
BEHAVIORAL_SIGNAL
Manifest B · 12 types
All 6 signals retained. 6 new signals added targeting post-authentication, endpoint, and exfiltration threat vectors.
TLS_FINGERPRINT
DEVICE_FINGERPRINT
ASN_REPUTATION
VPN_DETECTION
COOKIE_CONSISTENCY
BEHAVIORAL_SIGNAL
API_MUTATION_VELOCITY
CREDENTIAL_STUFFING_BURST
SUSPICIOUS_BINARY_EXEC
PRIVILEGE_ESCALATION_CALL
DATA_EXFILTRATION_VOLUME
PHISHING_URL_CLICK_TELEMETRY
Manifest B doubles the evidence taxonomy. The six added signals target post-authentication threat vectors not covered by Manifest A, expanding the scenario space from perimeter and session signals to endpoint, network, and exfiltration telemetry. This substantially increases corpus diversity and reduces scenario homogeneity risk. Primary scoring impact: D1 Evidence Attribution gained 33 points, the largest gain across all seven dimensions.
Manifest A · 5 actions
ALLOW
BLOCK
CHALLENGE
ESCALATE
MONITOR
Manifest B · 6 actions
ALLOW_AUTH
CHALLENGE_MFA
RATE_LIMIT_IP
ISOLATE_WORKSPACE
TERMINATE_SESSION
BLOCK_PERIMETER
Manifest B replaces generic labels (ALLOW, BLOCK, CHALLENGE) with operationally specific actions that map directly to enterprise security tooling. ALLOW maps to ALLOW_AUTH, BLOCK maps to BLOCK_PERIMETER, CHALLENGE maps to CHALLENGE_MFA. The addition of RATE_LIMIT_IP, ISOLATE_WORKSPACE, and TERMINATE_SESSION provides three intermediate response tiers absent from Manifest A, increasing the structural complexity of optimal decision selection problems.
Manifest A · 3 observers
Partial observability rate: 0.30
Edge_WAF_Gateway
Cloudflare_CDN_Proxy
Identity_Auth_Core
Manifest B · 6 observers
Partial observability rate: 0.25
Edge_Cloudflare_WAF
Internal_VPC_Flow_Logs
Okta_Identity_Provider
CrowdStrike_EDR_Agent
Active_Directory_Domain_Controller
Zscaler_Secure_Web_Gateway
Manifest B doubles the observer count, introducing endpoint detection, internal network flow, and identity provider nodes absent from Manifest A. The slight reduction in partial observability rate from 0.30 to 0.25 does not reduce scenario difficulty: the additional observers create more complex consensus and conflict scenarios across more distinct vantage points. Primary scoring impact: D5 Human Oversight Readiness gained 20 points, the smallest gain across all seven dimensions, indicating that further observer configuration depth is required to maximise D5 scoring.
| Manifest A | Manifest B | Delta |
| MITRE ATT&CK Techniques |
T1078, T1110, T1190, T1539 |
T1589, T1059, T1110, T1078, T1566, T1119, T1068, T1105 |
+4 |
| OWASP Top 10 Categories |
2 categories |
5 categories |
+3 |
Manifest B expands threat coverage from 4 to 8 MITRE ATT&CK techniques and from 2 to 5 OWASP Top 10 categories. The additions cover Reconnaissance, Execution, and Command and Control tactics not represented in Manifest A. This expansion broadens the scenario space and increases the corpus relevance to real-world multi-stage attack campaigns.
| Parameter | Manifest A | Manifest B |
| Target State Probability |
0.35 (scalar) |
0.15 MALICIOUS_ATTACK / 0.85 LEGITIMATE_USER (per-class object) |
| Training Split |
0.60 |
0.50 |
| Validation Split |
0.20 |
0.15 |
| Test Split |
0.10 |
0.15 |
| Adversarial Test Split |
0.10 |
0.10 |
Manifest B uses a significantly lower prior for the malicious state (0.15 versus 0.35), producing a more realistic class imbalance that reflects enterprise security operational environments. This increases the structural difficulty of the long-tail imbalance partition. The training split reduction from 0.60 to 0.50 redistributes evaluation weight across validation and test partitions, producing a more balanced and rigorous evaluation configuration.
Eagle Framework Dimension Score Comparison
Per-dimension scores for each manifest version. Scores reflect the structural quality of the compiled corpus and the completeness of the manifest configuration. Higher scores indicate a manifest that produces a richer, more structurally complete benchmark corpus.
| Dimension |
Manifest A |
Manifest B |
Delta |
| D1 Evidence Attribution |
|
|
+33 |
| D2 Decision Traceability |
|
|
+28 |
| D3 Confidence Calibration |
|
|
+32 |
| D4 Counterfactual Accountability |
|
|
+28 |
| D5 Human Oversight Readiness |
|
|
+20 |
| D6 Incident Reconstruction Capability |
|
|
+25 |
| D7 Audit Trail Completeness |
|
|
+22 |
Largest gain: D1 Evidence Attribution (+33). The doubling of the evidence taxonomy from 6 to 12 types directly expands the evidence attribution evaluation space. Signals such as API_MUTATION_VELOCITY and PRIVILEGE_ESCALATION_CALL create distinct attribution scenarios not possible with the Manifest A configuration.
Smallest gain: D5 Human Oversight Readiness (+20). Human oversight readiness assessment is less dependent on evidence taxonomy breadth and decision space scope than on the structural configuration of oversight mechanisms within the manifest itself. Neither manifest version includes explicit human-in-the-loop configuration parameters that would drive differential D5 scoring.
Structural Findings
Findings represent structural gaps and informational observations identified through comparison of the two manifest configurations. STRUCTURAL findings indicate gaps that materially limit corpus quality or Eagle Framework scoring. INFORMATIONAL findings indicate observations relevant to manifest calibration.
Manifest A covers only perimeter and session signals, leaving endpoint and network telemetry outside the evaluation scope. The six-signal taxonomy is sufficient to generate a valid corpus but produces scenario homogeneity across challenge types, limiting the structural diversity of evidence attribution problems.
Recommendation
Extend the evidence taxonomy to include at least one endpoint detection signal (such as SUSPICIOUS_BINARY_EXEC or PRIVILEGE_ESCALATION_CALL) to enable assessment of AI reasoning under multi-vector threat conditions.
Manifest A with three observers produces limited consensus conflict scenarios. Fragile consensus and partial observability challenge types are constrained in structural diversity because the three-observer topology does not generate sufficient vantage point variation to produce complex consensus failure patterns.
Recommendation
Expand the observer count to at least five distinct vantage points covering edge, identity, endpoint, and network observation layers to enable richer structural scenario generation.
Access Note. This sample comparison report is derived from two reference Domain Blueprint Manifest configurations for the Enterprise Cybersecurity Threat Operations domain. All structural values are computed from actual reference preset configurations included in the RiskOpsBench 1.0 assessment engine. Manifest Comparison Reports are planned for introduction following the Founding Validation Programme. A client comparison report is compiled from two Domain Blueprint Manifests specific to the client’s operational context and produces findings and recommendations applicable to that client’s structural configuration. Founding Validation Programme: Platform Access USD 3,999 (one-time) + Insight Cycles USD 999 each. Contact research@trinetra.life to initiate an engagement.