Miscellaneous

P.S./we forgot to mention/one more thing/this stuff is pretty cool too...

Last updated
September 25, 2024

Contents

Version History

See Threat Model Output (Threats and Countermeasures) Changes Over Time

Automated Component Change Detection in IriusRisk

Copy the Project link to share with others 

Audit Log

Deleting Tags in Dataflows and Risk Pattern

User Management

APIs to use UUID rather than Username

Using SAML as an authentication-only identity provider

 

Version History

This is useful if you would like to see the history of a threat model: when it has changed, how frequently, and by whom. The preview also lets you quickly see the differences in the diagram. Find this option on the top left of your screen, next to the threat model name. Select the three-dot (ellipsis) menu and then choose 'Version history'.

You will then be presented with the history of that diagram, including the names of the people who made the previous edits. You can pick between different versions and even compare two against each other by using the Pin icon.

See Threat Model Output (Threats and Countermeasures) Changes Over Time

In the ever-evolving world of software development, keeping track of changes is critical. For organizations with large, complex systems, manually reviewing project snapshots to identify component changes can be a time-consuming and error-prone task. We know that threat model practitioners often feel frustrated by the need to manually compare snapshots, especially when dealing with extensive software portfolios.

With this enhancement, you will now be able to see the differences in Threats and Countermeasures between two versions of a project.

NOTE: Only available in the backend / API

Automated Component Change Detection in IriusRisk

We aim to simplify your workflow by instantly providing a list of component changes between any two project versions.

With this feature, you can:

  • Save Time: Automatically generate a list of component changes, eliminating the need for manual reviews.
  • Reduce Errors: Ensure accuracy by automating the detection process, minimizing the risk of human error.
  • Boost Efficiency: Perfect for large-scale projects, where keeping track of every change is crucial.

How It Works

Simply provide two project versions by getting the UUID link for each. To do this, open your threat model, navigate to Version History in the same way as above, and then click the icon in the top right, next to the X. A box will appear where you can copy the Project ID. Paste this into Postman and your new endpoints will deliver a clear, detailed list of all component changes, including additions, deletions, and modifications.

Copy the Project link to share with others 

Go to the three-dot (ellipsis) menu on the top left again; the top option there is to copy the project link. You can send this to team members to collaborate further.

Audit Log

Go to the Settings Cog in the top right corner and select ‘Audit Log’ from the drop down. Here you will see all previous ‘events’: what changes have been made, in which projects, and by whom.

Deleting Tags in Dataflows and Risk Pattern

Deleting tags in dataflows and risk patterns is now possible via the API. Please note that deleting a tag will remove all instances of that tag across all projects. The ability to delete these tags in the UI is coming in 4.33.

User Management 

User profile pictures can be uploaded and deleted in the UI so that it is easier to quickly identify users through the platform. Additionally there will be a warning displayed when you invite users from outside your domain, to reduce the risk of accidentally adding unauthorized users.

This can be found under the Settings Cog (top right corner) and choosing ‘Users’ from the drop down. Then you can add or change as required. 

APIs to use UUID rather than Username

To enhance security and comply with best practices for data protection, we will transition from using usernames to UUIDs in our v2 API endpoint paths. This change will prevent sensitive information from being recorded in our logs and in any intermediary systems such as VPNs. Customers will need to update any existing endpoint calls that use usernames to use UUIDs so that they continue functioning. This change will be effective from Release 4.33.0.
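One way to find integrations that still need this update is to scan the URLs in your scripts or request collections for user-scoped v2 paths whose identifier is not a UUID. This is an added example, not IriusRisk code; the /api/v2/users/<identifier> path shape, the host name and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: user-scoped v2 endpoints look like /api/v2/users/<identifier>/...
# This path shape is a placeholder; adjust USER_SEGMENT to your own endpoint list.
USER_SEGMENT = re.compile(r"/api/v2/users/([^/?#\s]+)")
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I
)

def classify(url):
    """Return 'uuid', 'username' or None (not a user-scoped v2 path)."""
    match = USER_SEGMENT.search(urlsplit(url).path)
    if match is None:
        return None
    identifier = unquote(match.group(1))
    return "uuid" if UUID_RE.match(identifier) else "username"

def find_username_calls(urls):
    """List (entry_number, redacted_url) for calls that still embed a username."""
    findings = []
    for number, url in enumerate(urls, start=1):
        if classify(url) == "username":
            # Redact the identifier so the report does not repeat the leak.
            redacted = USER_SEGMENT.sub("/api/v2/users/<redacted>", url, count=1)
            findings.append((number, redacted))
    return findings

# Constructed sample: URLs as they might appear in a script or request collection.
SAMPLE_URLS = [
    "https://example.invalid/api/v2/users/jane.doe%40example.invalid/teams",
    "https://example.invalid/api/v2/users/3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b",
    "https://example.invalid/api/v2/projects/0b9d4c7a-1111-4222-8333-444455556666",
    "https://example.invalid/api/v2/users/admin?expand=roles",
]

if __name__ == "__main__":
    for number, url in find_username_calls(SAMPLE_URLS):
        print(f"entry {number}: still addresses a user by name -> {url}")
```

The report redacts the identifier it flags, so the output of the check does not itself become another place where usernames are recorded.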

Using SAML as an authentication-only identity provider

Some of our clients require that only the user data is shared with IriusRisk, because they want to handle permission/role management directly through IriusRisk instead of handling it via their identity provider. We previously offered no way of doing so with SAML.

From Release 4.33.0, clients can configure their SAML integration so that IriusRisk ignores the roles that come from the Identity Provider. In addition, clients will be able to manage these roles manually from IriusRisk, even if the users authenticate via SAML.
