We are excited to announce the release of IriusRisk 4.11 which includes these new enhancements and features:
- Configure issue trackers at the Threat level
- Support multiple files for Terraform and CloudFormation APIs
- Change the color of dataflows
- New Audit Log API endpoint
- And more!
Create issues for threats and configure issue trackers at the threat level
In addition to countermeasures and weaknesses, you can now create issue tracker issues for threats. This can be useful for tracking purposes such as linking countermeasure issues to a parent threat issue. It can also be used where further work is needed to be done based on the threat, such as research or identifying additional countermeasures.
In addition to creating issues for threats, you can also configure the issue tracker at the threat level. This means you can for example send threat issues to a security team’s backlog, and controls to engineering teams, all from the same IriusRisk project. Or you could use a different issue type for threats and countermeasures.
Change the dataflow colors
IriusRisk v4.11 allows you to customize the colors of the dataflows in your threat model diagrams, giving you more control over the visual representation of your system. For example, you can use red to represent dataflows from high-risk trustzones, or change the color based on the assets going across the dataflow.
Open Threat Model
Support for multiple Infrastructure as Code files
For anything other than trivial examples, most Infrastructure as Code configuration is best split across multiple files or repositories. Sometimes this is just good practice, such as separating network controls from service infrastructure, and sometimes it is because different teams own different parts of the infrastructure and work in their own code repositories.
As of this release, the IriusRisk API endpoints for CloudFormation and Terraform now support multiple files, and will automatically merge them into a single threat model.
New Startleft Processors documentation
Create your own OTM parser by following new guidance on writing a Startleft Processor. Our Github documentation site for Startleft now includes a comprehensive document on creating your own parser using the Startleft Processor (SLP) architecture.
Simplified Terraform mapping
We have simplified the mapping file structure for Terraform files, for example by moving a lot of the repeated configuration into reusable defaults, so now it is even easier to create or customize Terraform to IriusRisk parsing.
To get started creating your own mapping file, or modifying the IriusRisk provided one, see https://iriusrisk.github.io/startleft/startleft-processors/iac/tf/Terraform-how-to-create-a-basic-mapping-file/
Analytics and Reporting
New Entities for the Analytics module
This release of IriusRisk includes a load of new Entities that dramatically simplify creating custom queries and dashboards in the Analytics Module. Entities hide away a lot of the complexity in the data structures in IriusRisk by providing a reusable dataset for any given topic such as Projects, Threats, or Countermeasures. These can then be combined without having to deal with the complexity of Postgres join operations on the database.
This release includes the following new entities:
- Audit Events
- User and User Security
New Audit Events API
Following on from the new React-based Audit Log released in v4.9, we have created a new end point that allows you to access audit events over an API.
For more information, take a look at the SwaggerHub documentation: https://app.swaggerhub.com/apis/continuumsecurity/IriusRisk/1.19.0#/Audit%20Log/get_api_v1_audit_events
This release includes the following new Cloud components:
- GCP Looker Studio
- GCP Dataflow
- GCP DLP (Data Loss Prevention)
- GCP DNS (Domain Name System)
- GCP Spanner
- GCP Resource Manager
- GCP Compute Engine
- GCP Container Registry
- GCP Data Catalog
- GCP Secret Manager
- GCP KMS (Key Management Service)
- GCP Memorystore for Redis
- GCP VPC Service Controls
- GCP Anthos Service Mesh
- GCP Apigee X
- GCP Artifact Registry
- AWS Apache Flink
- AWS ElastiCache for Redis
- AWS Hyperledger Fabric
- AWS Ethereum
Updated security standards
CIS Microsoft Azure Foundations Benchmark has been updated to 1.5.0
For more information, see the Version 4.11 Release Notes.
Shape the future of Threat Modeling with us!
Join IriusRisk Horizon
IriusRisk Horizon - Customer Research, Product Discovery, and Early Access
Bringing you the latest on all things threat modeling and architectural security.