IriusRisk Team
|
The Threat Modeling Experts
August 17, 2023

Product Update: Release 4.19

Product Update: Release 4.19

We are excited to announce the release of IriusRisk 4.19 which includes these new enhancements and features

  • Preview and manage projects faster with the Project Details view
  • Even more diagram canvas space with a collapsed left navigation and context menus
  • Easily manage your license usage with the new License widget
  • Plus more!

Preview and manage projects faster with the Project Details view

When you open the project list, as you click on each project, a panel with the relevant details of the selected project will appear. This will help you to see and edit key information for each project without opening and closing them.

Furthermore, when clicking on the three dots in the top right corner of the panel, you will be able to execute quick actions for the selected project, without opening it.

Even more diagram canvas space with a collapsed left navigation and context menus

When opening a project and diagram, the menu panel on both the left and the diagram context menu will be collapsed by default. This allows you to have a wider and uncluttered workspace.

Fewer Threats and Countermeasures columns shown by default

In order to simplify the view of threats and countermeasures, we have hidden a view of the less used columns by default. Hiding this information helps you to focus on relevant information of the threat model output. For both threats and countermeasures lists, you still have the option to display the columns if needed.

The following columns will now also be hidden by default when opening the threats list:

  • Risk response
  • Weakness test
  • Source

Similarly, when opening the countermeasures list, these columns will be hidden by default:

  • Cost
  • Source
  • Test result
  • Expiry
  • Tags

Easily manage your license usage with the new License widget

You can check the number of projects you have left according to your license. This will help you to plan your work ahead and use your license wisely.

Note that users who do not have the SYSTEM_SETTINGS_UPDATE permission will not be able to see the button to request a license upgrade.

Easier access to Analytics data with new entities

For customers of the Analytics Module, we have included 7 new data entities. These give you ready-to-use data structures of key IriusRisk and threat model data to be used in your custom dashboards. The new entities are:

  • Countermeasure Reference Entity
  • Test Reference Entity
  • Threat Reference Entity
  • Threat Countermeasure Entity
  • Project Version Entity
  • Component Asset Entity
  • Dataflow Asset Entity

We have also included a parent component ID column to the Components Entity to give you better access to Nested Components.

Manage the Custom Fields of IriusRisk provided countermeasures through a new API

Following on from the API end point we released recently, that allows you to associate your custom Standards with IriusRisk provided countermeasures, in this release we have introduced an API endpoint that lets you manage the custom fields associated with the countermeasures in libraries.

If you have Custom Fields defined for countermeasures, then the values can be set for the countermeasures inside projects. But previously, although the custom fields were visible within libraries, it was not possible to change the values. The follow types of custom fields can now be edited: DATE, TEXT and TEXTAREA.

The new endpoint allows you to update the provided custom fields to all the countermeasures that match a given ref in libraries:

The endpoint will accept a body with the following data:


This means you can now pre-set the values of the custom fields in libraries and have them applied automatically to all instances of the countermeasures in projects.

For more information see the API documentation in Swagger Hub.

Security Content

The following new components have been added.

Generic components:

  • Generic SaaS
  • COTS (Component Off-The-Shelf)

Hardware components:

  • USB Drive

Functional components:

  • Contact Form
  • Chat Message
  • Content Sharing
  • File Transfer
  • Invitation Event
  • QR Code Scanning
  • Shopping Cart

The following standards and libraries have also been updated:

  • Remove deprecated countermeasure for AWS EKS about Pod Security Policy
  • Updated Security Standard: CIS Kubernetes Benchmark
  • Updated ISO 27002 to latest version (2022)

Deprecations

ThreadFix Test Import Notice

From September 2023 the import test result functionality for ThreadFix will be removed.

Release notes

For more information, see the Version 4.19 Release Notes.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon

IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.