IruisRisk Documention
Introduction
The Four-Question Framework for Threat Modeling
Question 1: What are we working on - Creating a threat model
Create a diagram from scratch 
Trust zones and components 
Adding Component details 
Changing Component Visibility by Business Unit
Answer our questionnaire to create a diagram 
Import a template
File Import Feature
Use our AI Assistant, Jeff 
Embedded IriusRisk Project Diagrams in external tools
Question 2: What can go wrong - Assessing Threats in IriusRisk
Analyzing the threats
Filter Threats and Countermeasures by Custom Fields
Threat Details
Fields: Threat Details
Impact: Threat Details
Risk Summary: Threat Details
Risk types and their explanations
Test State: Threat Details
Question 3: What are we going to do about it - Countermeasures
Change the Countermeasures Status
Seeing countermeasures applicable to a Standard
Create Issue Trackers from your Countermeasures
Configuring your Issue Trackers
Question 4: Did we do a good job
Reporting
Compliance Report
Current Risk Summary Report
Technical Countermeasure Report
Technical Threat Report
Export your threat model
Risk Score
Configurable Options in IriusRisk
Security Content
Risk pattern libraries
Risk Calculation
Security Classifications
Standards
Templates
Objects
Components
Assets
Trust Zones
Deleting Tags in Dataflows and Risk Pattern
Workflows
Custom Fields
Rules
Integrations & Imports
Miscellaneous
Version History
See Threat Model Output (Threats and Countermeasures) Changes Over Time
Automated Component Change Detection in IriusRisk
Copy the Project link to share with others
Audit Log
Deleting Tags in Dataflows and Risk Pattern
User Management
APIs to use UUID rather than Username
Using SAML as an authentication-only identity provider
Analyzing the threats

Analyzing the threats

3
min
Last updated
September 25, 2024
Filter Threats and Countermeasures by Custom Fields

Now it is time to examine the output from your newly created threat model. Head over to the ‘Threats and Countermeasures’ tab at the top of the screen. You will see the Threats on the left hand side.

If you wish, you can widen the column while you work on the Threats area, and even minimize the Countermeasures all together until you are finished. This view will also be saved for the next time you log in. The columns can easily be changed simply by dragging the columns left or right as you require.

The threats are grouped by component, and can be expanded out to see the list of use cases and threats. You can expand each of these for further information to see how the threats map to STRIDE, a popular threat modeling methodology.  

Threat use cases can be expanded, for example let’s look at Tampering under Web UI which has two identified threats. One is highlighted as a Medium risk, the other as High.

Further actions can be taken here, such as marking a threat as 'Not Applicable', or if you deem it acceptable, 'Accept Risk'. 

Click onto the threat and it will filter the countermeasures view on the right, to show just that associated mitigation, and what category it is in. Whether it is 'Recommended', 'Required', and so on. You will see there are several Bulk Actions that can be taken.

Filter Threats and Countermeasures by Custom Fields

This functionality empowers users to quickly find and filter threats and countermeasures based on their specific criteria, defined in the custom fields, making it easier than ever to tailor your threat modeling process to your unique security needs. Whether you’re looking to refine your risk assessments or manage complex security landscapes, this feature provides greater flexibility and control over your data. These would also include the new system custom fields included in the new V2 components.

To do this, go to the Filter icon on either Threats or Countermeasures. In this example we will show Countermeasures, then select ‘Advanced Filtering’:

Next you choose which filter category you would like to select, which brings up a drop down beneath it like the below image, once satisfied select ‘Apply Filters’:

Close Modal