All modifications to risk patterns and rules should be made in new custom libraries. When new versions of IriusRisk are released, we frequently also update our own libraries shipped with the product which will result in the library being replaced on update. Should you make any changes to the default libraries, these may be overwritten the next time the product is updated. To avoid this, modifications and additions should be made in a new library (or libraries):
A library can contain risk patterns as well as rules. When the rules engine is run, all rules in all libraries are executed, which allows you to create rules and patterns that add to the existing content provided by default.
Adding to the default content
In order to add new threats and/or countermeasures to existing risk patterns you would create a new risk pattern in your own library that contained the content you needed. Then you would create a rule in your library that caused your risk pattern to be imported, whenever the default IriusRisk risk pattern was imported. For example, the default risk pattern for "HTTP Service" is:
If you wanted to add a new threat to this pattern, you should create a new pattern that used the same use-case names as the default pattern and included this threat, e.g.:
And then create a new rule in the ACME library that imports this risk pattern anytime the "HTTP Service" pattern is imported:
This results in the additional threat being imported along with the default content in the HTTP service:
Removing or Modifying Default Content
Adding new content to the existing default content as described above is straightforward, since the import process is additive. But removing existing content requires exporting the corresponding default library, deleting it from the system, and then importing it using a different name and unique ID. As long as the unique ID is not one of the ID's used for the default libraries, then any changes to the library will be permanent and won't be overridden by future updates.
Note that rules in an imported library that have an action of "Import Risk Pattern" that also refer to the library itself, will need to be updated if the library ID is modified.
Once the library is imported, the rules can be edited and updated.