IriusRisk Team | The Threat Modeling Experts
March 2, 2023

Product Update: Release 4.13


We are excited to announce the release of IriusRisk 4.13 which includes these new enhancements and features:

  • Get onboarded to IriusRisk faster by importing your LucidCharts diagrams
  • Get greater transparency by setting the reporter of Jira issues to the IriusRisk user for Jira Cloud instances
  • Focus on the countermeasures that matter with a new Component filter
  • and more!

Get onboarded to IriusRisk faster by importing your LucidCharts diagrams

Use your existing LucidCharts threat models inside IriusRisk.

Whether you’re a new customer wanting to onboard quickly, or an existing customer who wants to get value from previous threat modeling work, the new API lets you take LucidChart diagrams exported as Visio VSDX files and import them to create a full IriusRisk threat model.

For example, this LucidChart diagram:

LucidChart Threat Model

Results in this threat model in IriusRisk:

IriusRisk LucidChart Threat Model

The AWS stencils are automatically mapped to the relevant components in IriusRisk, and the following simple mapping file maps the rest of the generic shapes.

Mapping files

For more information on using this new API, see our SwaggerHub documentation: https://app.swaggerhub.com/apis/continuumsecurity/IriusRisk/

Focus on the countermeasures that matter with a new Component filter

IriusRisk new component filter

The flattened and expanded countermeasure views in IriusRisk are a very powerful way of quickly seeing and managing all of the countermeasures for a project. However, sometimes you just want to briefly drill down into a specific component without changing the view. You can now do that by applying a filter based on the component. When you’re done, just clear the filters.

Support multiple resources with the same name in Terraform

Unlike CloudFormation resources, whose resource ID is unique and coincides with the resource name, AWS Terraform resources are identified by the compound {AWS resource type}.{AWS resource name}. Although declaring the same name for resources of different types is something to avoid, Terraform allows it for resources declared inside .tf files, and it can cause inconsistencies in the resulting OTM name (and subsequently in the OTM id).

IriusRisk has been updated to support multiple components in the Terraform file with different types, but the same name.

For example:


resource "aws_db_instance" "a name" {}
resource "aws_rds_cluster" "a name" {}

This would have resulted in a conflict for “a name” even though they are of different component types. This is now resolved and the resulting OTM (and threat model) would now have two components of different types but both called “a name”.
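The collision described above can be reproduced and checked for in your own .tf files before import. The following is an added example, not IriusRisk's code: the function names are hypothetical, and the parser is a simplified regular expression that only reads resource block headers.

```python
import re
from collections import defaultdict

# Matches the header of a Terraform resource block: resource "<type>" "<name>"
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"', re.MULTILINE)

# Sample input: the two declarations from the text plus one constructed,
# non-colliding resource.
SAMPLE_TF = '''
resource "aws_db_instance" "a name" {}
resource "aws_rds_cluster" "a name" {}
resource "aws_s3_bucket" "logs" {}
'''

def parse_resources(tf_text):
    """Return (type, name) pairs in declaration order."""
    return RESOURCE_RE.findall(tf_text)

def index_by_name(resources):
    """Name-only keying: a later resource overwrites an earlier one of the same name."""
    return {name: rtype for rtype, name in resources}

def index_by_address(resources):
    """Keying on the compound {type}.{name} identifier keeps every resource."""
    return {f"{rtype}.{name}": (rtype, name) for rtype, name in resources}

def shared_names(resources):
    """Names declared under more than one resource type, with the types involved."""
    types_by_name = defaultdict(set)
    for rtype, name in resources:
        types_by_name[name].add(rtype)
    return {n: sorted(t) for n, t in types_by_name.items() if len(t) > 1}

if __name__ == "__main__":
    resources = parse_resources(SAMPLE_TF)
    print("declared:", len(resources))
    print("kept when keyed by name:", len(index_by_name(resources)))
    print("kept when keyed by type.name:", len(index_by_address(resources)))
    for name, types in shared_names(resources).items():
        print(f"name {name!r} is shared by types: {', '.join(types)}")
```

Keying by name alone silently drops one of the two database components, which means a component would be missing from the resulting threat model.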

Get greater transparency by setting the reporter of Jira issues to the IriusRisk user for Jira Cloud instances

In IriusRisk v4.9 we released a feature that let you set the Jira issue reporter as the IriusRisk user for Jira Server. In this release we’re making that available for Jira Cloud.

When IriusRisk creates a ticket in Jira, the reporter field is set to the service account used by IriusRisk, regardless of which IriusRisk user created the issue. You can enable a setting that sets the reporter of the issue to the IriusRisk user, as if they had created it directly in Jira, provided the user has the same email address in Jira and IriusRisk (otherwise the service account is used). This gives you much more visibility and manageability of tasks inside Jira.

Jira Reporter

Security Content

We have a ton of new components in this release.

New Azure components:

  • Azure Dynamics 365
  • Azure Analysis Service
  • Azure DevOps Services
  • Azure Site Recovery
  • Azure Bot Service

New Generic components:

  • XDR (Extended Detection and Response)
  • EDR (Endpoint Detection and Response)
  • DLP (Data Loss Prevention)
  • SVB (Service Bus)
  • Instant messaging software
  • CRM (Customer Relationship Management)
  • CDN (Content Delivery Network)
  • ERP (Enterprise Resource Planning)
  • Antivirus
  • IPS (Intrusion Prevention System)
  • IDS (Intrusion Detection System)
  • SIEM (Security Information and Event Management)
  • Password manager

A new Financial Services category with two new components:

  • Payment gateway
  • Payment system
  • POI Device and Cardholder Data Environment have been moved to this new category

Plus we have added a new Kong Gateway component.

Release notes

For more information, see the Version 4.13 Release Notes.
