
Rules

3 min read. Last updated September 6, 2024.

The Rules subsystem within IriusRisk does the heavy lifting when calculating threats and risks. It processes the data entered into a threat model, including the diagram, data flows, trust models and so on. By examining that data, it is able to calculate overall risk, mitigate various threats, introduce new risks, and perform similar actions.

The Rules engine is based on the business rules management system (BRMS) Drools, largely developed by IBM and Red Hat but now a part of Apache Kie (see https://drools.org/). IriusRisk provides a powerful user interface to aid custom rules development, which is found by navigating to the Rules page.

As can be seen from the Rules landing page, IriusRisk contains thousands of rules, each performing important actions when processing a threat model. To create your own rule, click on Create rule, which opens a page for entering the rule details.

Begin by naming the rule and storing it in an appropriate place. By default, the rule is stored in the global space, but it is recommended that you store it in a custom library. It is often advisable to have a dedicated library for a specific set of rules; for instance, a set of rules creating and responding to a questionnaire might best be stored in a single library for that purpose.

Next, choose the rule's "context": whether the rule should run using data associated with a project as a whole, for instance, or with component, threat or data flow data instead. Each context brings with it specific data and actions that can be performed.

Having chosen a context, you can select one or more conditions indicating when the rule should be triggered. For instance, you can specify that a rule only be triggered on project creation, or that it should run every time rules are run. Selecting multiple conditions "ANDs" them together: all of the conditions must be true for the rule to trigger.

Next, choose the action to take if the conditions are matched. You can notify a user of something, for instance, or automatically mark a countermeasure as implemented.
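The following is an added illustration of the rule structure described above (name and library, a context that selects which facts the rule sees, ANDed conditions, and an action). It is not IriusRisk code and not Drools DRL syntax; the `Project`, `Component` and `DataFlow` shapes, the rule names and the sample threat model are all constructed for this example. It shows the AND semantics concretely: a data flow that crosses a trust boundary unencrypted triggers a threat, while a flow that meets only one of the two conditions does not.

```python
"""Illustrative model of context / ANDed conditions / action rule evaluation.
Added example: hypothetical data shapes, not IriusRisk's rule API or Drools DRL."""
from dataclasses import dataclass, field
from typing import Any, Callable, List


# --- constructed threat-model facts (hypothetical shapes) ---
@dataclass
class DataFlow:
    name: str
    source_zone: str
    dest_zone: str
    encrypted: bool


@dataclass
class Component:
    name: str
    tags: set = field(default_factory=set)
    countermeasures: dict = field(default_factory=dict)  # name -> status


@dataclass
class Project:
    name: str
    just_created: bool
    components: List[Component]
    data_flows: List[DataFlow]
    threats: List[str] = field(default_factory=list)
    notifications: List[str] = field(default_factory=list)


# --- the rule model: name, library, context, ANDed conditions, one action ---
@dataclass
class Rule:
    name: str
    library: str                      # "global" or a custom library name
    context: str                      # "project" | "component" | "data_flow"
    conditions: List[Callable[[Project, Any], bool]]  # all must hold
    action: Callable[[Project, Any], str]


def facts_for(context: str, project: Project) -> list:
    """The context decides which facts a rule is evaluated against."""
    if context == "project":
        return [project]
    if context == "component":
        return project.components
    if context == "data_flow":
        return project.data_flows
    raise ValueError(f"unknown rule context {context!r}")


def run_rules(rules: List[Rule], project: Project) -> List[str]:
    """Evaluate every rule against every fact of its context; return a log of fired actions."""
    fired = []
    for rule in rules:
        for fact in facts_for(rule.context, project):
            # Conditions are ANDed: every one must be true for this fact.
            if all(cond(project, fact) for cond in rule.conditions):
                fired.append(f"{rule.name}: {rule.action(project, fact)}")
    return fired


def default_rules() -> List[Rule]:
    def add_threat(project, flow):
        msg = f"unencrypted cross-boundary flow {flow.name}"
        project.threats.append(msg)
        return msg

    def mark_tls_implemented(project, comp):
        comp.countermeasures["Enforce TLS"] = "implemented"
        return f"Enforce TLS marked implemented on {comp.name}"

    def notify(project, proj):
        msg = f"project {proj.name} created"
        project.notifications.append(msg)
        return msg

    return [
        Rule("Flag unencrypted boundary crossing", "custom-network-rules", "data_flow",
             [lambda p, f: f.source_zone != f.dest_zone,   # crosses a trust boundary
              lambda p, f: not f.encrypted],               # AND is not encrypted
             add_threat),
        Rule("Auto-implement TLS countermeasure", "custom-network-rules", "component",
             [lambda p, c: "tls-terminated" in c.tags,
              lambda p, c: "Enforce TLS" in c.countermeasures],
             mark_tls_implemented),
        Rule("Notify on project creation", "global", "project",
             [lambda p, proj: proj.just_created], notify),
    ]


def build_sample_project() -> Project:
    """Constructed sample threat model used to exercise the rules."""
    web = Component("web", tags={"tls-terminated"}, countermeasures={"Enforce TLS": "required"})
    db = Component("db", countermeasures={"Enforce TLS": "required"})
    flows = [
        DataFlow("web->db", "dmz", "internal", encrypted=False),   # both conditions true
        DataFlow("web->cache", "dmz", "dmz", encrypted=False),     # same zone: no trigger
        DataFlow("db->backup", "internal", "backup", encrypted=True),  # encrypted: no trigger
    ]
    return Project("shop", just_created=True, components=[web, db], data_flows=flows)


if __name__ == "__main__":
    project = build_sample_project()
    for line in run_rules(default_rules(), project):
        print(line)
```

Running the sample fires exactly three actions: the project-creation notification, one threat for the `web->db` flow, and the TLS countermeasure on `web` (the `db` component has the countermeasure but not the tag, so its rule does not trigger).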

The rules subsystem is a large and complex topic. Several articles in the IriusRisk documentation explore the various ways rules can be leveraged.
