# 📘 Modul 3: Rule Mapping Table
This notebook displays a structured mapping between use case rule IDs and their technical detection flags.
The table supports alignment between detection logic, alert labeling, and compliance requirements.

In [None]:
import pandas as pd

# Define the rule mapping table
rule_mapping = pd.DataFrame([
    {
        'rule_id': 'UC-01',
        'use_case': 'Non-EU Transfer Without Consent',
        'detection_flag': 'non_eu_flag',
        'severity': 'High',
        'gdpr_article': 'Art. 44',
        'description': 'Transfer of data to non-EU location without active consent.'
    },
    {
        'rule_id': 'UC-02',
        'use_case': 'Access to Raw Diagnostic Data',
        'detection_flag': 'raw_diagnostic_flag',
        'severity': 'High',
        'gdpr_article': 'Art. 5, 32',
        'description': 'Unmasked access to diagnostic data (e.g. DICOM logs).'
    },
    {
        'rule_id': 'UC-03',
        'use_case': 'Consent Flag Manipulation Pattern',
        'detection_flag': 'consent_violation_flag',
        'severity': 'Medium',
        'gdpr_article': 'Art. 7',
        'description': 'Unusual toggling of consent state before sensitive operations.'
    },
    {
        'rule_id': 'UC-04',
        'use_case': 'AI Model Behavior Drift / Manipulation',
        'detection_flag': 'model_drift_flag',
        'severity': 'Medium',
        'gdpr_article': 'Art. 22',
        'description': 'Detection of shift in model output or potential adversarial interference.'
    },
    {
        'rule_id': 'UC-05',
        'use_case': 'Suspicious Admin Access After Hours',
        'detection_flag': 'admin_access_outside_hours',
        'severity': 'High',
        'gdpr_article': 'Art. 32',
        'description': 'Privileged access outside business hours may indicate misuse.'
    }
])

# Display the table
import ace_tools as tools; tools.display_dataframe_to_user(name='Rule Mapping Table', dataframe=rule_mapping)