In the chapter on Customizing the Questionnaires, two types of questionnaires are introduced: the Main Questionnaire and the Component Questionnaire. These are also referred to as "Modules" in the rules editor.
In this chapter, we'll demonstrate how to customize the Main Questionnaire, which is launched during the new Product creation process and when the "Open Architecture Questionnaire" button is pressed on the Architecture tab.
The default main questionnaire simply contains a Templates tab (with a list of templates if any templates have been created):
Modifying this questionnaire, such as adding new question categories and adding new questions and question groups entails creating rules in the "Main" module very similar to customizing the component questionnaires. As an example, let's consider the case in which we want to present the user with a list of Single Sign-on technologies in a new "SSO" category, with a new option of "SAMLv2". When the user selects this option, IriusRisk should automatically import an existing template that represents a SAMLv2 architecture.
Step 1. Create a template that will hold the threat model for a SAMLv2 architecture. Creating a template simply requires creating a product, adjusting the threats and countermeasures to the desired states, and then publishing it as a template:
Step 2. Create a new rule in the "Main" module that inserts a new Question Group and defines a new Category. Note that the "Action" on this rule is: "Insert Question Group".
Step 3: Create a new rule in the Main module to insert a new Question into the Question Group above:
Note that the condition for this rule is that: Question Group Exists: "Choose the Single Sign On solution that will be used". This insures that the inserted question is inserted into the correct question group.
Executing the main questionnaire by clicking on the Open Architecture Questionnaire, should now display:
But at this stage, selecting the question SAMLv2 will have no effect. We need to create 1 more rule that imports the desired template if the user selects that question:
Step 4: Create a rule to import the template when the user chooses the SAMLv2 option:
The end result is that now the user can create a new product, choose an SSO solution and have the whole SAMLv2 template imported:
Article is closed for comments.