Introduction
The Four-Question Framework for Threat Modeling

Custom Fields

3
min
Last updated
September 6, 2024

Custom fields provide the opportunity to add domain-specific information to various aspects of IriusRisk. For example, Projects in IriusRisk are generally based on larger projects within a development team. It might therefore make sense to annotate a project with an external ID that identifies the larger project it belongs to.

To view, edit or create custom fields, navigate to the custom fields page in IriusRisk. By default, no custom fields exist.

To create a new field, select the type of field you need (project, countermeasure, threat or test) and click 'New Field'. This presents a flyout page for field creation.

At the very least, you will need to enter a human-readable name for the field and select the type of data to capture. Default data types include text (and text area), date, hyperlinks, users and business units. The latter two will auto-populate with the users and business units available in the system.

It is also possible to custom-define a data type. For instance, you could define a single-select or multi-select list of options for the user to choose from. Also, there is functionality to define data validation, ensuring that data the user enters is valid.

Finally, you can specify permissions associated with the data, specifically whether the custom field is visible, is editable and exportable. If for instance you want to automatically populate a field, you could specify that it be visible, yet not editable. It could nonetheless be populated via Rules or the REST API.

Close Modal