IriusRisk Toolkit UI (https://github.com/continuumsecurity/iriusrisktoolkitui) includes a functionality to generate reports about frequently asked questions when updating or editing IriusRisk libraries such as:
- How can I know the origin of a risk pattern in a product?
- How many rules does a library have and which are?
- How can I see if a certain answer to a question is used in a rule?
To answer these and other questions you can use the following functionality:
In this window, you will need to select the libraries* and the question to ask. Some of these questions may ask for parameters:
If the question needs a reference ID it can be written in the input box
If the question is related to a risk pattern, it can be selected from the selectable box
If the library is not loaded automatically because it is outside the libraries folder you can click the “Load risk patterns from uploaded library only” button after selecting the library with the Browse button.
*If the library is already in the iriusrisktoolkit/libraries directory it will appear automatically with a checkbox. Otherwise, it can be selected from the “browse” option.
Reports will indicate which components and rules are related to the question and also you will be able to browse every rule detail: