Open an Existing Template
You can open an existing Template to view/edit the template.
1. Click on the Open Template on Home Page. The Open dialog window will open.
Figure 21 Home Page
In the dialog window, type in a name for the template you want to open or you can select template file from given list. In the File name drop-down, choose the tb7file that you want to open the page as: TB7 files(*.tb7)
Figure 22 File Open
Click Open . A tb7 file will be opened as the type you specified in the location you chose.
To update the template, follow the steps described in “Creating a New Threat Template”.
Alternately you can double click on template file and it will open template in template editor if TMT is installed on the machine.
Upgrading an existing Threat Model to use New Template
You will be encountering scenarios where a threat model was created using some version of template. Later on a security team/PM or other teams in the group may create a refined template which covers more security cases. You might want to upgrade your previous threat models to this new template so that if there are more security issues, you can identify them. The apply template feature applies a new template to an existing threat model.
1. Click on Open A Model on home page
1. Go to File -> Apply Template
Figure 23 Apply Template
Select the template which you want to apply to upgrade threat model to
Select Yes on the Confirmation Dialog box and also make a choice to delete the stale threats or keep them
Figure 24 Confirmation Dialog for Upgrade
Save upgraded Threat Model using File -> Save/Save As or Ctrl + S
Analysis of Threat Modeling Tool Output
The Analysis view allows you to analyze the threats generated for your diagram, identify which threats are not applicable, require investigation, require mitigation, or have been mitigated and verified. For models that have multiple diagrams, the threat list displayed is global and includes threat entries for all diagrams.
After a model is drawn, you will be presented with a list of threats. You’ll find the list of threats organized in a grid that shows for each threat:
Threat (STRIDE) Category
Each threat will have a Description field, which will have content for every auto-generated threat and a Justification field in which mitigation information can be entered by the user.
For newly generated threat models, the setting for auto-generation threat mode is enabled by default. For migrated threat models created with Threat Modeling Tool 3.1.8, the auto-generation threat mode is set to off. To turn it on go to Settings and select Enable Threat Generation. Each threat will have options that enable you to manage the identified threats. By default, the state of all newly generated threats is Not Started.
Default state for newly generated threat
Mitigation implemented and verified
Mark threat as needs mitigation
Mark threat as not applicable
Threats are generated using STRIDE per interaction. An interaction is defined by two elements connected by a data flow, and may include a boundary. If an element is marked Out of Scope threats will still be auto-generated for that interaction but the element itself will have visual feedback that is marked Out of Scope. You can also add a user-defined or custom threat by right-clicking on the desired data flow in the interaction and selecting Add User-defined Threat. When you do so you’ll find your custom threat at the end of the existing threat list. Threat priority is by default set to High. As applicable, it can be changed to Medium or Low.
There are no bids yet.
All Rights Reserved, Dataedy.com 2020