Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How does IriusRisk measure threats and countermeasures? #17

Open
HaebinTheori opened this issue Feb 15, 2024 · 1 comment
Open

How does IriusRisk measure threats and countermeasures? #17

HaebinTheori opened this issue Feb 15, 2024 · 1 comment

Comments

@HaebinTheori
Copy link

Hi, I am trying IriusRisk for threat modeling, and I think it is a great app in both quality and UX.
But one part that concerns me is that when I draw a dataflow diagram, only the threat and countermeasure output comes out, and it does not show me the reason or rule for the output.
I looked into this repo to check for specific rules for threat modeling, but I couldn't find one.
So my question is : How does IriusRisk measure threats and countermeasures? Can I access the specific rules or customize it somehow?
@stephendv1
Copy link
Contributor

Hi,

In the Community Edition, you can't edit the rules and the relationships that determine how a particular threat and countermeasure are associated with a component. That functionality is only available in the enterprise edition.
The rules are very powerful and are built on the JBoss Drools engine. Some documentation on how it can be used here: https://support.iriusrisk.com/hc/en-us/sections/5407184684561-Rules

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stephendv1 @HaebinTheori