Existing draw.io diagrams can be imported into IriusRisk and their components and dataflows mapped to IriusRisk components, so that threats and countermeasures can be generated for them.
For example, given the following diagram drawn using the default shape libraries:
This can be imported into IriusRisk from the Diagram tab, using the File -> Import From action:
Note that clicking on the "Update the Model" button at this point, will not have any effect, since none of the shapes in the diagram are mapped to IriusRisk components.
Once the shapes are mapped, IriusRisk will be able to automatically generate threats and countermeasures for them. Not that it's not necessary that all shapes are mapped to IriusRisk components. Un-mapped components are simply ignored by the threat model generation process.
Note, if you try to generate the model at this point, you'll see an error because the components do not belong to a TrustZone and this is a requirement for all IriusRisk components.
Drag the appropriate Trustzones onto the diagram, and then drag the shapes onto the Trustzones:
Click the update model button to now generate the model for all mapped components. The threats and countermeasures can now be viewed on their respective tabs.
Importing other diagramming formats
IriusRisk now uses the Open Threat Modeling (OTM) format for all external file imports. The number of importable formats is constantly increasing and currently includes Terraform, CloudFormation and Visio: https://www.iriusrisk.com/resources-blog/threat-modeling-workflow-for-microsoft-visio
More information on OTM here: https://www.iriusrisk.com/resources-blog/introduction-to-the-open-threat-model-standard
Comments
0 comments
Article is closed for comments.