Purpose 

This use case will demonstrate how manually added threats can be used to enrich a risk pattern library or security content. In an ideal state, all threats and countermeasures should be added to the threat model using the rules engine versus requiring end users to manually add threats and countermeasures. 

Required permissions

EDIT_RULES - to create rules

LIBRARY_UPDATE - to upgrade a risk pattern library

THREAT_UPDATE - to interact with the threat interface

COUNTERMEASURE_UPDATE - to interact with the countermeasures interface

Instructions

Pre-requisites: 

• Custom library
• Pre-existing project with manually added threats and countermeasures

Use Case Instructions: 

1. Review the project for any manually created threats or countermeasures. This can be viewed by adding the source column (if not already added) and reviewing for the value "M" for manually created.  The flattened view may be easier to view this information depending upon the users preference.

Additionally, the project can be filtered by source which will filter the visibility to just manually created threats. 

Filtered view showing only the manually created threats. 

2. In this scenario, this threat will be added up to the risk pattern library and then automated using the rules so that in the future when DNS as a component is added, these previous manual threats will be added to a threat model automatically. 

3. In the Actions column (the rightmost column), select the ellipsis dropdown and then select "copy to". 

4. From the next interface, select a library from the first dropdown, select a risk pattern in that library from the second dropdown, and then select the use case from within that library that this threat will be added to. 

5. This lift and shift of that threat to the library will also include the weakness and countermeasure associated with that manually created threat. 

6. Next, a rule needs to be created that automatically combines the preconfigured content and the new custom content. Navigate to the rules interface and select the custom library that the threat was placed into. Create a new rule that will now apply that content automatically. The below sample rule applies this new threat if the DNS component has been added to the diagram. 

The following rule adds the same threat if a component questionnaire was answered. 

Additional combinations could be combined as well with trust zone locations that state that this threat only applies if the DNS component is also used in the Internet trust zone. 

7. It is recommended that this rule be tested once saved. This can be done by recreating the example set of conditions that will import this new threat. If you need additional assistance creating rules, please review Rules explanation.