Skip to content

Summary

ThreatGet provides a comprehensive summary of all outcomes determined during the threat analysis process. Users can generate the summary by pressing the Summary button.

Results Summary

The summary provides an overview of the likelihood, impact, and risk levels for all identified threats. It also categorizes threats according to the STRIDE classification. Additionally, the summary indicates whether the user has defined a treatment plan for any of the identified risks.

Report Generation

ThreatGet generates a comprehensive report that includes all identified threats detected by the tool. Once the Generate Report button is pressed, the tool will automatically collect all identified threats and generate the file.

Results Summary

An Excel spreadsheet file will be automatically generated and will include details about threats, their category, description, likelihood, and attack feasibility information. The next section includes descriptions of the different sections of the excel sheet.

Report Contens

The file comprises different sections, each providing additional details about the threat analysis process.

Main Page

The main page displays a screenshot of the analyzed diagram, along with the diagram name and the report generation date at the top of the page. Main Page

TARA

ThreatGet follows an approach similar to the Threat Analysis and Risk Assessment (TARA) process according to the ISO/SAE 21434 standard. The TARA section of the generated report includes detailed information about all threats, along with descriptions with highlighting the affected source/target components.

TARA

In addition, the report contains all related information regarding risk assessment, including Likelihood, Impact, and Attack Feasibility. It also includes any changes related to the values of Attack Feasibility parameters such as Elapsed Time, Expertise, Knowledge, Window of Opportunity, and Equipment. Additionally, any discussions related to Risk Treatment are included within the report.

Security Concept

This section provides an overview of all security properties and related parameters defined for each system element and port.

Security Concept

Damage Scenario Matrix

This section encompasses all information related to the system's assets, including their Descriptions and Security Attributes such as Confidentiality, Integrity, and Availability. Additionally, it provides details on Damage Scenarios, including Descriptions, Impact levels, and Categories.

Damage Scenario Matrix

The section also defines the matrix relation between assets and damage scenarios.

Assumprions

A list of all previously created assumptions will be included in the documentation.

Assumprions

Risk Matrix

This section presents a risk matrix that illustrates the distribution of risk levels based on likelihood and impact severity. The matrix includes a heat map to visually represent the concentration and severity of identified risks.

Risk Matrix

This risk matrix is generated based on the matrix defined at the project level, as outlined on the Risk Matrix page.