This documentation applies only to IriusRisk v1.x.y
In the chapter on Customizing the Questionnaires, the two types of questionnaires are introduced: the Main Questionnaire and the Component Questionnaire. These are also referred to as "Modules" in the rules editor.
In this chapter we'll demonstrate how to customize the Main Questionnaire, which is launched during the new Product creation process and when the "Open Architecture Questionnaire" button is pressed on the Architecture tab.
The default main questionnaire, simply contains a list of components to select and a Templates tab (if any templates have been created):
Modifying this questionnaire, such as adding new question categories or adding new questions to the existing component groups entails creating rules in the "Main" module very similar to customising the component questionnaires. As an example, let's consider the case where we want to present the user with a list of Single Sign-on technologies in a new "SSO" category, with a new option of "SAMLv2". When the user selects this option, then IriusRisk should automatically import an existing template that represents a SAMLv2 architecture.
Step 1. Create a template that will hold the threat model for a SAMLv2 architecture. Creating a template, simply requires creating a product, adjusting the threats and countermeasures to the desired state, and then publishing it as a template:
Step 2. Create a new rule in the "Main" module that inserts a new Question Group and defines a new Category. Note that the "Action" on this rule is: "Insert Question Group".
Step 3: Create a new rule in the Main module to insert a new Question into the Question Group above:
Note that the condition for this rule is that: Question Group Exists: "Choose the Single Sign On solution that will be used". This insures that the inserted question is inserted into the correct question group.
Executing the main questionnaire by clicking on the Open Architecture Questionnaire, should now display:
But at this stage, selecting the question SAMLv2 will have no effect. We need to create 1 more rule that imports the desired template if the user selects that question:
Step 4: Create a rule to import the template when the user chooses the SAMLv2 option:
The end result is that now the user can create a new product choose an SSO solution and have the whole SAMLv2 template imported: