Commonly asked questions about ThreatModeler
In ThreatModeler, there are five Threat risk levels. Can you describe those five risk levels?
ThreatModeler does not provide a specific definition for risk levels. It depends on the organization’s requirements and policies. Our in-house TRC defines the risk based on the description of the threat from CAPEC, OWASP, and WASC. If a risk rating does not suit you, you can change the rating for it.
What is DEPRECATE in ThreatModeler? Does it have any impact on threat models using such threat framework entities?
DEPRECATE is used as a prefix for different threat framework entities, which means these entities won't support any future content updates provided by ThreatModeler. It does not have any impact on existing threat models using these threat framework entities.
What exports are available in ThreatModeler?
Users can export a PDF, Excel in xlsx format, a PNG format image, and JSON for different threat model entities.
- PDF – Report of a Threat Model
- xlsx – List of Threats and Security Requirements at the threat model as well as component level
- JSON – Export the diagram of a threat model
- PNG – Export the diagram of a threat model
What is a Template in ThreatModeler?
Templates are complete or partial threat models saved from the diagramming canvas into the template library. The saved templates can include various components, communication protocol links, component properties, and groups. Templates are not active threat models, and creating and storing templates does not consume ThreatModeler licenses. Instead, templates serve as reusable building blocks from which new threat models can be made, or existing threat models can be modified quickly.
Note: Importing one or multiple templates into a threat model is available only for unlimited license customers.
What is a Security Requirement Portfolio?
The Security Requirement portfolio is a list of Security Requirements applicable to the selected control section of the chosen compliance when a user selects a status from the pie chart. The list of Security Requirements changes based on the selection and the number of occurrences tied to that Security Requirement.
What is the best practice for creating custom content?
The best practice is to create custom content in your own library. In ThreatModeler v5.4.1, all the out-of-the-box libraries (AWS, Azure, GCP, and ThreatModeler) are accessible to all the user authorizations except superuser, as the content updater tool from ThreatModeler will affect all the changes made by users in these four libraries.
We recommend you copy the threat framework entities that require customization to your default library. You can add or modify the threat intelligence of any threat framework entity in your library without having an effect on future ThreatModeler content updates.
What is Automatic Threat Mitigation?
The Automated Threat Mitigation functionality automatically changes a Threat’s status based on the status of its associated Security Requirements.
Let’s assume that Threat A has the following three Security Requirements: Security Requirement 1, Security Requirement 2, and Security Requirement 3. If the user has implemented all three Security Requirements, the status of Threat A is automatically changed to Mitigated. If the user is implementing at least one of the Security Requirements, the associated Threats change status to Partially Mitigated automatically.
Automated Threat Mitigation functionality is applicable to threat status in the following libraries: AWS, Azure, GCP, ThreatModeler.
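The roll-up rule described above, sketched as an added example (not ThreatModeler's own code or data model). The `Threat` class, its field names, the requirement ids, the "Open" status and the "Custom" library name are assumptions made for illustration; so is leaving the status unchanged for other libraries and when nothing is implemented, since the FAQ does not define those cases.

```python
from dataclasses import dataclass, field

# Libraries the FAQ lists as covered by automatic threat mitigation.
AUTO_MITIGATION_LIBRARIES = {"AWS", "Azure", "GCP", "ThreatModeler"}

@dataclass
class Threat:                       # hypothetical model, not the product schema
    name: str
    library: str
    status: str                     # current status, kept when no rule applies
    requirements: list = field(default_factory=list)  # requirement ids

def roll_up(threat, implemented):
    """Return the status the FAQ's rule gives `threat`.

    `implemented` is the set of requirement ids marked as implemented.
    """
    if threat.library not in AUTO_MITIGATION_LIBRARIES:
        return threat.status        # assumption: other libraries stay manual
    if not threat.requirements:
        return threat.status        # nothing to derive a status from
    done = [r for r in threat.requirements if r in implemented]
    if len(done) == len(threat.requirements):
        return "Mitigated"
    if done:
        return "Partially Mitigated"
    return threat.status            # case not defined by the FAQ: keep as-is

def apply_auto_mitigation(threats, implemented):
    """Map threat name -> derived status for a whole threat model."""
    return {t.name: roll_up(t, implemented) for t in threats}

# Constructed sample model; SR2 is shared by Threat A and Threat B.
SAMPLE = [
    Threat("Threat A", "AWS", "Open", ["SR1", "SR2", "SR3"]),
    Threat("Threat B", "Azure", "Open", ["SR2", "SR4"]),
    Threat("Threat C", "Custom", "Open", ["SR1"]),
    Threat("Threat D", "GCP", "Open", ["SR5"]),
]

if __name__ == "__main__":
    result = apply_auto_mitigation(SAMPLE, {"SR1", "SR2", "SR3"})
    for name, status in result.items():
        print(f"{name}: {status}")
```

Because one Security Requirement can be tied to several Threats, marking SR2 as implemented moves Threat B to Partially Mitigated even though only Threat A was being worked on.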