IruisRisk Documention
Introduction
The Four-Question Framework for Threat Modeling
Question 1: What are we working on - Creating a threat model
Create a diagram from scratch 
Trust zones and components 
Adding Component details 
Replacing components in the diagram 
Changing Component Visibility by Business Unit
Answer our questionnaire to create a diagram 
Import a template
File Import Feature
(BETA) Import from AWS Cloud
Use our AI Assistant, Jeff 
Embedded IriusRisk Project Diagrams in external tools
Question 2: What can go wrong - Assessing Threats in IriusRisk
Analyzing the threats
Filter Threats and Countermeasures by Custom Fields
Threat Details
Fields: Threat Details
Impact: Threat Details
Risk Summary: Threat Details
Risk types and their explanations
Test State: Threat Details
Question 3: What are we going to do about it - Countermeasures
Multiple Select for Countermeasures
Change the Countermeasures Status
Seeing countermeasures applicable to a Standard
Create Issue Trackers from your Countermeasures
Configuring your Issue Trackers
Question 4: Did we do a good job
Reporting
Compliance Report
Current Risk Summary Report
Technical Countermeasure Report
Technical Threat Report
Export your threat model
Risk Score
Configurable Options in IriusRisk
Security Content
Risk pattern libraries
Risk Calculation
Security Classifications
Standards
Templates
Objects
Components
Assets
Trust Zones
Deleting Tags in Dataflows and Risk Pattern
Workflows
Custom Fields
Rules
Integrations & Imports
Project Roles
Miscellaneous
Version History
See Threat Model Output (Threats and Countermeasures) Changes Over Time
Automated Component Change Detection in IriusRisk
Copy the Project link to share with others
Audit Log
Export your Project List as XML
Deleting Tags in Dataflows and Risk Pattern
User Management
IAM Roles authentication for pulling projects from an AWS Cloud
APIs to use UUID rather than Username
Using SAML as an authentication-only identity provider
Custom Fields

Custom Fields

3
min
Last updated
January 20, 2025

Custom fields provide the opportunity to add domain-specific information to various aspects of IriusRisk. For example, Projects in IriusRisk are generally based on larger projects within a development team. It might therefore make sense to annotate a project with an external ID that identifies the larger project it belongs to.

To view, edit or create custom fields, navigate to the custom fields page in IriusRisk. By default, no custom fields exist.

To create a new field, select the type of field you need (project, countermeasure, threat or test) and click 'New Field'. This presents a flyout page for field creation.

At the very least, you will need to enter a human-readable name for the field and select the type of data to capture. Default data types include text (and text area), date, hyperlinks, users and business units. The latter two will auto-populate with the users and business units available in the system.

It is also possible to custom-define a data type. For instance, you could define a single-select or multi-select list of options for the user to choose from. Also, there is functionality to define data validation, ensuring that data the user enters is valid.

You can even utilize our conditional display functionality to show or hide groups based on dropdown selections, to help streamline project data entry and simplify mandatory reporting processes.

Rules
Close Modal