IriusRisk Team
|
The Threat Modeling Experts
January 16, 2025

Product Release 4.38

Overview

IriusRisk 4.38 has even more improvements, we are thrilled to share this latest update! Some advancements include:

  • Revamped Technical Threats Report
  • Easy Component Replacement in Diagrams
  • Conditionally display Custom Field groups on Project details

Take a look at the full list below, or go directly to the Release Notes.

Improved XML Import by Creating Components First

Time is precious. When you upload a project, or import a template, there's nothing worse that waiting eagerly for the import to load.
We've now introduced a two-phased approach to loading. Whilst the magic of the rules engine runs behind-the-scenes to generate the threats and countermeasures, you can now review and interact with the diagram part of the threat model.

Easy Component Replacement in Diagrams

We're in an agile world; systems and implementations change, and so should the threat model. Perhaps you've imported a diagram from an external resource, or used our AI to generate it for you, and now you want to refine the component(s). Swapping components out for alternatives, or marking components as 'out-of-scope' has previously been a lengthy process, with manual deletion, replacement, and reconnecting to data flows needed.
Users can seamlessly replace components directly within the diagram using a right-click, eliminating the need to recreate connections and significantly streamlining the update process.

You can keep the slide-in model on the right hand side open, to continue replacing components elsewhere in the diagram. The search bar speeds this up significantly if you prefer to search over expanding component groupings.

New Default Mappings for Visio and Terraform Plan

Visio mappings for Azure and Terraform Plan mappings for Google Cloud will be included in this release. Previously this included AWS only.

Set User’s Roles on a Project

Not all users require the same level of access for each project. There may be cases where individuals or teams do not require any access at all, whereas in other projects they need to have Manager or Admin rights. 

Users with appropriate permissions will now be able to override individual users or whole business unit’s roles within the project access view. This allows for users to have differing levels of permissions for each project they can access.

The previous location for ‘Ownership’ in the top left menu under the cog icon, has now been renamed to ‘Project Access.’

This has also moved to the top right next to the update and lock threat model icons. See the icon with a person and a plus sign to locate the ‘Project Access’ area. This is to make it accessible faster and more easily by placing it within the UI.

Revamped Technical Threat Report with HTML Format

There's no one-size-fits-all report structure or format - what if you want to easily paste our report into Confluence, a Google Doc, or perhaps an email to share more widely? Until today, portability of our previous DOCX format has always been a challenge, but that's now set to change.

As part of the available formats, we now offer an HTML version. This format is set to replace the old DOCX format because it is less portable and can be easily integrated into various tools, such as email platforms. In addition, the overall style, layout, readability and structure of the charts is much improved. 

Conditionally display Custom Field groups on Project details

This new feature introduces conditional display functionality for custom fields in the Project Details screen, enabling users to show or hide groups of fields based on dropdown selections. Designed to enhance usability for customers, this feature streamlines project data entry and simplifies mandatory reporting processes.

Security Content

There has been a content update for Mitre ATT&CK Framework library content which has been updated to version 16.1. For new components, we have 39 new ones in total for this release.

New components:

Amazon web services - Components

  • AWS Network Load Balancer

Kubernetes - Components

  • Kubernetes Cluster
  • Kubernetes Control Plane
  • Kubernetes Pod
  • Kubernetes worker node

Microsoft Azure - Components

  • Azure Active Directory B2C
  • Azure AD Remote Workers
  • Azure Advisor
  • Azure AI services
  • Azure API Apps
  • Azure App Service Plan
  • Azure Application Insights
  • Azure Archive Storage
  • Azure Artifacts
  • Azure Automanage
  • Azure Availability Zone
  • Azure Blob Storage
  • Azure Bot Framework SDK
  • Azure Citrix DaaS Standard
  • Azure Cloud Hub
  • Azure Defender
  • Azure Developer CLI
  • Azure ExpressRoute
  • Azure Portal
  • Azure Resource Manager (ARM) Template
  • Azure SQL Edge
  • Azure SQL Managed Instance
  • Azure SQL Server
  • Azure Subnet
  • Azure Table Storage
  • Azure Time Series Insights
  • Azure Visual Studio
  • Azure Web Apps
  • Microsoft Defender for Identity
  • Microsoft Dev Box
  • Microsoft Entra External ID
  • Microsoft Entra ID
  • Microsoft Fabric
  • Microsoft Power Platform

Deprecations

Postgres version 12 has now reached end of life and is no longer supported. You can find out more here: https://www.postgresql.org/support/versioning/ 

We currently provide a mechanism to provide some configuration options for SAML via environment variables instead of configuration files, facilitating secure versioning of these configuration files. As part of our initiative to move SAML authentication configuration to an UI-based flow, we will remove these environment variables on 30 March 2025. If you have any questions, please reach out to your Customer Success Manager.

Release Notes and Documentation

For more information, see Version 4.38 Release Notes or check out our Documentation.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.

Swaggerhub & Github

Find out more of what you need in GitHub and Swaggerhub Repos:

https://app.swaggerhub.com/apis/continuumsecurity/IriusRisk/1.24.0 - We provided this featured API to allow for deeper customer integrations as well as enable very flexible automations within the many varied environments IriusRisk needs to operate.

https://app.swaggerhub.com/apis/iriusrisk/IriusRiskV2/2.0.0-beta.8 - Please note that this version of the API is currently in beta. While it offers advanced features for deeper integrations and flexible automations, we reserve the right to make breaking changes during this phase and encourage caution in production environments.

https://github.com/iriusrisk/IriusRisk-Central - Provides content useful for IriusRisk threat modelling, including templates, API scripts, libraries and more.