IruisRisk Documention
Introduction
The Four-Question Framework for Threat Modeling
Question 1: What are we working on - Creating a threat model
Create a diagram from scratch 
Trust zones and components 
Adding Component details 
Changing Component Visibility by Business Unit
Answer our questionnaire to create a diagram 
Import a template
File Import Feature
Use our AI Assistant, Jeff 
Embedded IriusRisk Project Diagrams in external tools
Question 2: What can go wrong - Assessing Threats in IriusRisk
Analyzing the threats
Filter Threats and Countermeasures by Custom Fields
Threat Details
Fields: Threat Details
Impact: Threat Details
Risk Summary: Threat Details
Risk types and their explanations
Test State: Threat Details
Question 3: What are we going to do about it - Countermeasures
Change the Countermeasures Status
Seeing countermeasures applicable to a Standard
Create Issue Trackers from your Countermeasures
Configuring your Issue Trackers
Question 4: Did we do a good job
Reporting
Compliance Report
Current Risk Summary Report
Technical Countermeasure Report
Technical Threat Report
Export your threat model
Risk Score
Configurable Options in IriusRisk
Security Content
Risk pattern libraries
Risk Calculation
Security Classifications
Standards
Templates
Objects
Components
Assets
Trust Zones
Deleting Tags in Dataflows and Risk Pattern
Workflows
Custom Fields
Rules
Integrations & Imports
Miscellaneous
Version History
See Threat Model Output (Threats and Countermeasures) Changes Over Time
Automated Component Change Detection in IriusRisk
Copy the Project link to share with others
Audit Log
Deleting Tags in Dataflows and Risk Pattern
User Management
APIs to use UUID rather than Username
Using SAML as an authentication-only identity provider
Integrations and Imports

Integrations and Imports

2
min
Last updated
September 6, 2024
Miscellaneous

We have many types of integrations, parsers, imports and exports available. Below we have listed out what is possible and in what capacity. 

Bidirectional managed integrations 

These tools are integrated into the IriusRisk workflow, and changes made within these issue trackers are reflected in our tool - and vice versa. 

  • Azure DevOps
  • CA Rally
  • Servicenow
  • Jira Software

Import capability via the API 

The below software can be imported into IriusRisk, using API platform, Postman. This allows users of these existing tools to bring in other data flow diagrams to generate a threat model including threats and countermeasures. We have also made it possible for some file imports directly in the UI, where an accompanying mapping file is not required.

  • AWS CloudFormation
  • Diagrams.net (draw.io)
  • Fortify
  • Google Cloud
  • HashiCorp Terraform
  • Jenkins
  • Keycloak
  • Lucidchart
  • Microsoft Active Directory
  • Microsoft Azure
  • Microsoft Threat Modeling Tool
  • Microsoft Visio
  • Okta
  • Salesforce
  • Swaggerhub
  • Synopsys
  • Zap

Integrations via third party software

This setup with Secure Code Warrior, allows users in Jira to see recommended training modules relating to the countermeasure they are looking to mitigate. 

  • Secure Code Warrior

Integrate with testing frameworks 

Validate your test results with information from these testing frameworks. 

  • Cucumber
  • Jbehave
  • Junit5
Close Modal