Summary
ThreatGet provides a comprehensive summary of all outcomes determined during the threat analysis process. Users can generate the summary by pressing the Summary button.
The summary provides an overview of the likelihood, impact, and risk levels for all identified threats. It also categorizes threats according to the STRIDE classification. Additionally, the summary indicates whether the user has defined a treatment plan for any of the identified risks.
Report Generation
ThreatGet generates a comprehensive report that includes all identified threats detected by the tool. Once the Generate Report button is pressed, the tool will automatically collect all identified threats and generate the file.
An Excel spreadsheet file will be automatically generated and will include details about threats, their category, description, likelihood, and attack feasibility information. The next section includes descriptions of the different sections of the excel sheet.
Report Contens
The file comprises different sections, each providing additional details about the threat analysis process.
Main Page
The main page displays a screenshot of the analyzed diagram, along with the diagram name and the report generation date at the top of the page.
TARA
ThreatGet follows an approach similar to the Threat Analysis and Risk Assessment (TARA) process according to the ISO/SAE 21434 standard. The TARA section of the generated report includes detailed information about all threats, along with descriptions with highlighting the affected source/target components.
In addition, the report contains all related information regarding risk assessment, including Likelihood, Impact, and Attack Feasibility. It also includes any changes related to the values of Attack Feasibility parameters such as Elapsed Time, Expertise, Knowledge, Window of Opportunity, and Equipment. Additionally, any discussions related to Risk Treatment are included within the report.
Security Concept
This section provides an overview of all security properties and related parameters defined for each system element and port.
Damage Scenario Matrix
This section encompasses all information related to the system's assets, including their Descriptions and Security Attributes such as Confidentiality, Integrity, and Availability. Additionally, it provides details on Damage Scenarios, including Descriptions, Impact levels, and Categories.
The section also defines the matrix relation between assets and damage scenarios.
Assumprions
A list of all previously created assumptions will be included in the documentation.
Risk Matrix
This section presents a risk matrix that illustrates the distribution of risk levels based on likelihood and impact severity. The matrix includes a heat map to visually represent the concentration and severity of identified risks.
This risk matrix is generated based on the matrix defined at the project level, as outlined on the Risk Matrix page.