How does IriusRisk measure threats and countermeasures?
Hi, I am trying IriusRisk for threat modeling, and I think it is a great app in both quality and UX. But one part that concerns me is that when I draw a dataflow diagram, only the threat and countermeasure output comes out, and it does not show me the reason or rule for the output. I looked into this repo to check for specific rules for threat modeling, but I couldn't find one. So my question is: How does IriusRisk measure threats and countermeasures? Can I access the specific rules or customize them somehow?
Hi,
In the Community Edition, you can't edit the rules and the relationships that determine how a particular threat and countermeasure are associated with a component. That functionality is only available in the enterprise edition. The rules are very powerful and are built on the JBoss Drools engine. Some documentation on how it can be used is here: https://support.iriusrisk.com/hc/en-us/sections/5407184684561-Rules