Skip to content

Summary

ThreatGet provides a comprehensive summary of all outcomes determined during the threat analysis process. Users can generate the summary by pressing the Summary button.

This view includes three main areas:

  • REPORT (top-left corner): Enter a name or use a pre-defined one, then click the Generate Report button.
  • NEXT ITERATION (top-right corner): Select the step where you want to start the next iteration and click the Go! button.
  • SUMMARY: Contains two tabsThreat Scenarios and Attack Steps — each displaying its own set of charts.

Summary - Threat Scenarios

In the Threat Scenarios tab, the following charts are displayed to provide an overview of all identified threats:

  • Likelihoods: Calculated from the attack feasibilty and shows the probability of each attack step occurring.
  • Impacts: Illustrates the potential consequences or severity of threats.
  • Risks: Combines likelihood and impact to highlight overall risk levels.
  • STRIDE Categories: Categorizes threats based on the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
  • Assets: Displays which assets are affected by identified threats.
  • Damage Scenarios: Outlines potential damage outcomes for each threat.
  • Risk Treatments: Shows the planned mitigation or treatment strategies for each risk.

Results Summary

Summary - Attack Steps

In the Attack Steps tab, the following charts are displayed to provide an overview of all attack activities and associated risks:

  • Likelihoods: Calculated from the attack feasibilty and shows the probability of each attack step occurring.
  • Risk Treatments: Displays the planned mitigation or treatment strategies for each attack step.
  • STRIDE Categories: Categorizes attack steps according to the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
  • Targets: Highlights the assets or components targeted by each attack step.

Results Summary

Report

ThreatGet follows an approach similar to the Threat Analysis and Risk Assessment (TARA) process according to the ISO/SAE 21434 standard. Once the Generate Report button is pressed, the tool will automatically collect all identified threats and relevant iteration details and generate the file. The file offers different sections, each providing additional details about the threat analysis process:

  • System Model
  • Threat Scenarios
  • Attack Steps
  • Attack Trees
  • System Configuration
  • Asset and Damage Scenarios
  • Assumptions
  • Attack Rules
  • Value Legend
  • Function
  • Signals

System Model

Shows the project and TARA names, the date the report was generated, and a diagram of the analyzed system model.

Results Summary

Threat Scenarios

Displays detailed information for all identified threat scenarios, including status, title, asset, damage scenario, target, risk level, impact level, risk treatment, security goal/claim, rationale, description, impact categories, attack feasibility, security attributes, STRIDE categories, and attack step IDs.

Results Summary

Threat Scenarios Removed

Maintains a record of all threat scenarios that have been removed, including their associated details.

Results Summary

Attack Steps

Shows detailed information about all identified attack steps - status, target, title, likelihood, risk treatment, security goal/claim, rationale, cyber security requirement, affected functions, affected signals, attack feasibility, description, STRIDE Ctageories, threat scenario IDs.

Results Summary

Attack Steps Removed

Tracks removed attack steps.

Results Summary

Attack Trees

Presents the identified attack tree diagrams together with their associated details, including rule title, asset, acquired capability, and target.

Results Summary

System Configuration

Displays elements, ports, and connectors along with relevant details such as name, child elements, functions, containing element, and system properties. This Excel sheet provides an exact representation of the diagram. An empty field for a system property indicates that the corresponding element does not possess that property.

Results Summary

Asset and Damage Scenario Matrix

Illustrates the relationship between assets and their corresponding damage scenarios, providing detailed information for both entities.

Asset: Name, description, relevant security attributes, and link to the associated damage scenario.

Damage Scenario: Name, justification, impact category and impact level.

Results Summary

Assumptions

Shows the assumptions of this iteration.

Results Summary

Attack Rules

Displays all identified attack rules in detail - ID, title, threat types, tag and version.

Results Summary

Value Legend

a risk matrix that illustrates the distribution of risk levels based on likelihood and impact severity. The matrix includes a heat map to visually represent the concentration and severity of identified risks.

This section presents the risk matrix associated with the current iteration based on likelihood and impact severity. It also displays the value of all likelihood and impact levels.

Results Summary

Functions

Illustrates all functions identified in this iterations in detail - reference ID, name and description

Results Summary

Signals

Provides all signals identified in this iterations in detail - reference ID, name and description

Results Summary