About ThreatModeler

Commonly asked questions about ThreatModeler

  • 13 Topics
  • 3 Replies

13 Topics

P
prowarenessit
asked in About ThreatModeler

Are public free email addresses not allowed for the ThreatModeler community sign up?

Thanks for the great tool, and allowing a community edition for the security community.The sign up page here https://community.threatmodeler.net/auth/signup does not allow signing up with gmail or hotmail. When entered an email address with gmail.com or hotmail.com, and error “Given email domain is in the restricted list” is displayed.For some of our consultants that work with us on contract basis, they can’t sign up with their private emails.What are the allowed domains? Only privately help business domains are allowed for sign up?

2
P
2 months ago
T
ThreatModeler
published in About ThreatModeler

In ThreatModeler, there are five Threat risk levels. Can you describe those five risk levels?F.A.Q.

ThreatModeler does not provide a specific definition for risk levels. It depends on the organization’s requirements and policies. Our in-house TRC defines the risk based on the description of the threat from CAPEC, OWASP, and WASC. If you feel a risk rating is not desired, you can change the rating for it.

221
P
1 year ago
T
ThreatModeler
published in About ThreatModeler

What is DEPRECATE in ThreatModeler? Does it have any impact on threat models using such threat framework entities?F.A.Q.

DEPRECATE is used as a prefix for different threat framework entities, which means these entities won't support any future content updates provided by ThreatModeler. It does not have any impact on existing threat models using these threat framework entities.

60
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

What exports are available in ThreatModeler?F.A.Q.

Users can export a PDF, Excel in xlsx format, the PNG format image, and JSON for different threat model entities.PDF – Report of a Threat Modelxlsx – List of Threats and Security Requirement at a threat model as well as component level.JSON – Export the diagram of a threat model.PNG – Export the diagram of a threat model.

190
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

What is a Template in ThreatModeler?F.A.Q.

Templates are complete or partial threat models saved from the diagramming canvas into the template’s library. The saved templates can include various components, communication protocol links, component properties, and groups. Templates are not active threat models, nor do they create and store templates that consume ThreatModeler licenses. Instead, one can use the templates function as reusable building blocks from which new threat models can be made, or existing threat models can be modified quickly.Note: Template or multiple template imports in a threat model is available only for unlimited license customers.

120
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

What are Notes in ThreatModeler?F.A.Q.

Notes are fields that allow users to input specific information to the Threat Model entity. One can attach notes to components, threats, and security requirements of the threat model.

60
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

What is a Security Requirement Portfolio?F.A.Q.

The Security Requirement portfolio is a list of Security Requirements applicable to the selected control section of the chosen compliance when a user selects a status from the pie chart. The list of Security Requirements changes based on the selection and the number of occurrences tied to that Security Requirement.

80
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

What is the best practice for creating custom content?F.A.Q.

The best practice for custom content creation occurs in your library. In ThreatModeler v5.4.1, all the out-of-the-box libraries - AWS, Azure, GCP, and ThreatModeler - are accessible to all the user authorizations except superuser, as the content updater tool from ThreatModeler will affect all the changes by the users in these four libraries.We recommend you copy the threat framework entities that require customization to your default library. You are able to add/modify the threat intelligence to any threat framework entity in your library without having an effect on future ThreatModeler content updates.

120
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

Does it affect current threat models if a security requirement mapped to a threat/component is modified/deleted?F.A.Q.

If a security requirement mapped to a threat/component is modified or deleted, it will affect all the threat models where the component/threat is in use.

80
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

Does it affect current threat models if a threat mapped to a component is modified/deleted?F.A.Q.

If a threat mapped to a component is modified or deleted, it will affect all the threat models where the component is in use.

110
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

What is Automatic Threat Mitigation?F.A.Q.

The Automated threat mitigation functionality automatically changes the Threat’s status based on the associated Security Requirements status.Let’s assume that Threat A has the following three Security Requirements: Security Requirement 1, Security Requirement 2, and Security Requirement 3. If the user has implemented all three Security Requirements, then the status of Threat A will also be automatically mitigated. Suppose the user has implemented all the security requirements; then the Threat's status will be changed to Mitigated automatically. If the user is implementing at least one of the security requirements, the associated Threats will change status to Partially Mitigated automatically.Automated Threat Mitigation functionality is applicable for the following libraries threat  status:AWS  Azure  GCP  ThreatModeler 

130
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

What is Accelerator for AWS?F.A.Q.

It is a service provided under ThreatModeler Enterprise edition where ThreatModeler integrates with AWS cloud service provider and automatically builds threat models using cloud configuration data.

160
T
2 years ago
T
ThreatModeler
published in About ThreatModeler

What is Accelerator for Azure?F.A.Q.

It is a service provided under ThreatModeler Enterprise edition where ThreatModeler integrates with Azure cloud service provider and automatically builds threat models using cloud configuration data.

400
T
2 years ago
Terms & ConditionsCookie settings