Skip to content

Introduction to THREATGET

Creating a diagram

The First step is to add a model, this can be done by right clicking the Model from the Project Browser, and then clicking on Add a Model using Wizard, as shown below.

Right-Click the model from Project Browser in EA and click on 'Add a model using wizar...'

You can choose between two THREATGET diagrams. To create an empty diagram, please select THREATGET Diagram and then click on Create Pattern. You can model in the THREATGET empty diagram a simple example with elements, connections, boundaries, and tagged values.

The THREATGET Diagram with Example is a pre defined THREATGET AIT-model that contains elements, connections, and tagged values from the THREATGET Toolbox. It also includes a model description. This diagram is a reasonable basis for the first execution of THREATGET.

The 'THREATGET - Threat Management Tool' model contains a 'THREATGET Diagram' and a 'THREATGET diagram with example'

You can now open the default example by expanding Model and then THREATGET Example and double-clicking on Threat Model.

Note: If you can not see the THREATGET model variations in "Add Model Using wizard ...", then check your ThretGet installation & server configuration

Running the Analysis

In the Project Browser, right-click either on the package or the diagram itself and then select Specialize ➺ THREATGET Analysis ➺ Threat Analysis. In our case, the package is called THREATGET Example.

Richt-Click on the Diagram. Select Specialize, THREATGET Analysis, Threat Analysis

The Threat Analysis creates a new package where analysis details are stored. It is visible in the Project Browser and can be deleted when it is no longer needed. Further, a new tab titled Threat Analysis is opened.

The THREATGET results in the Project Browser in EA

Threat Analysis generates a list of all the potential threats of overall affected elements in the given example model, as shown below.

The created THREATGET Interface which present a detailed summery of the analysis

Scroll in the Threat List table to reveal Impact and Likelihood values. On the right side, there is a diagram that depicting the selected threat. If several elements are involved in a threat, they are all in the diagram. All related details for each identified threat can be viewed at the bottom section represented as Threat Details.

Each Threat is categorized based on the STRIDE model and is further annotated with two additional parameters, Impact and Likelihood.

The risk severity is calculated as Impact x Likelihood. An explanation can be accessed by clicking on the Cyber Security Risk Assessment link. The dialog is show below.

The Cyber Security Risk Assessment shows how the Risk, Likelihood & Impact are calculated

Five chart styles are available for representing the distribution of threats based on the Severity of the Risk, as shown below.

Five styles of a chart. 'Pie, Doughnut, Bar, Column & Polar'

The diagrams on the right are also available in the analysis package.

Threats corresponding to each communication flow can be viewed by expanding the subpackage in the Threat Analysis package in the Project Browser. The diagram below represents the threats corresponding to communication flow Key Fob to Lock/Unlock antenna. Similarly, threats corresponding to any communication flow in the project browser can be viewed.

A diagram with a connection between a Key Fob & an external interaction

Printing a Report

To generate a threat analysis report click on Print Report button as shown below.

Left-Click on 'Print Repirt' in the Threat Interface

Click on the symbol ... adjacent to Save Output to, select the destination file path to save the report as shown below.

Select the Threats & the saving path

After you have selected the desired path, you can now specify whether you want to have all or part of the analysis in the report. By default, all threats found are selected. You can deselect individual threats by clicking the box. You can also use Select/deselect all to select or deselect all elements at once.

Now you can open the THREATGET Report and explore the details of the analysis.