IriusRisk Team
|
The Threat Modeling Experts
May 8, 2024

Product Release 4.28

Overview

IriusRisk 4.28 includes these enhancements and improvements:

  • Manage your threat modeling process better with an enhanced Workflows user interface and experience
  • Improved access to key component details when diagramming
  • A ton of new API v2 endpoints including Project threat and countermeasure management, rules execution and retrieval, and library endpoints.

 

Improved access to key component details when diagramming

In this release we have improved how you access component details when diagramming. Right-clicking on a component and selecting “Component details” now opens up a panel on the right showing the component icon, name, description, tags, and other details. It also stays open until you close it, which means you can continue to interact with the diagram, even adding new components etc, all without losing access to the component information.

Manage your threat modeling process better with an enhanced Workflows user interface and experience

Workflows are a powerful feature that let you embed your threat modeling process into IriusRisk. You can use them to track threat model state, as well as trigger logic in the rules engine, making them an effective way of guiding the threat modeling process while also ensuring consistency of process.

In v4.28 we have improved the user interface and user experience of workflows. Creating a new workflow state is easy, simply click the “Add state” button.

Consistent with other parts of the product, this opens up a window on the right where you can fill in all of the state details. Add as many workflow states as you need. You can drag them between columns to reorder them if needed.

You can even customize the permissions associated with the states.

This is incredibly powerful because it means that you can dynamically change the permissions for users based on the lifecycle state of the model.

When you’re done, hit the “Apply changes” button and the workflow states are available for use.

New API v2 endpoints including Project threat and countermeasure management, rules execution and retrieval, and library endpoints.

We’ve reached well over 500 v2 API endpoints that you can use to automate and integrate IriusRisk into your SDLC and cybersecurity processes. And this release includes even more endpoints:

  • Librariessome text
    • Countermeasures creation, modification, retrieval, and assignment
    • Threat and Weakness update and deletion
  • Projectssome text
    • Project Diagram metadata retrieval
    • Threat creation and management
    • Countermeasure creation and management
    • Weakness creation and management
  • Rulessome text
    • Execute the rules over all visible projects
    • Reload all enabled rules into the containers
    • Gets all rules
    • Gets all the conclusions applicable to the module
  • Templatessome text
    • Threat creation and management
    • Countermeasure creation and management

What can you do with these new endpoints?

To help you think about all the amazing things you can do with these new endpoints, here’s a short list of ideas to get you started.

  • Dynamically build a Risk Pattern library using Threat Intelligence or Security Operations Center events as the input.
  • Automatically add threats and countermeasures to your project from other security systems such as SAST or DAST.
  • Trigger rules execution for all visible projects after making dynamic library changes.

For more information, see the support article available here: Zendesk

Deprecations

Release Notes

For more information, see the Version 4.28 Release Notes.

Shape the future of Threat Modeling with us!

Join IriusRisk Horizon - Customer Research, Product Discovery, and Early Access. Join today.