FAQ

Table of Contents

Access

Can customers using VM deployment access the Diagram feature?

Yes, there is no restriction to Diagram functionality.

Is the Diagram feature available via API?

Yes, you can retrieve your project diagram in JSON via the SD Elements API. However, downloading and viewing the diagram is only available in the user interface.

Is the Import Diagram feature available via API?

No, the import diagram feature is not available via API because all of the processing is done in the front end.

What happens if I turn off the Diagram feature?

You will no longer see the Save & continue to diagram button on the Survey page or the Diagram tab in the project menu.

What happens if I turn off the Threats feature?

You will no longer see threats list page in the project level or on the diagram canvas.

Can I have the Diagrams feature turned off but the Threats feature turned on?

Yes you can. The threats feature is independent of the diagrams feature, and vice versa. The Threats feature is dependent on the Reusable Components feature flag, which is why it is nested underneath that section.

Surveys and diagrams

What if I have a custom Survey?

Diagrams can only be generated from stock Survey Answers.

What if I don’t save the Survey before opening the Diagram page?

You will lose Survey edits if you navigate away from the Survey page without saving or if the session times out (2 hours), which will affect any generated diagram.

Working with the canvas

Do components added to a generated diagram bring new Countermeasures into the project?

No, adding or removing diagram components does not affect project Countermeasures. Project Countermeasures are brought in only from Project Survey answers.

Can multiple people edit a diagram at the same time?

No, only one person can edit a diagram, similar to Survey functionality.

How can I export an image of the entire diagram?

An exported diagram is a representation of what you can see on the canvas. If only part of the diagram is visible on the canvas but you want to export the entire thing, click the [ - ] zoom button until you can see the all components, zones, and connectors.

How can I visualize ingress/egress points in a diagram?

You can add a label to a connector to denote an ingress or egress point.

Is there a keyboard shortcut for text box tool?

You can create a text box by pressing t on your keyboard.

Is there a keyboard shortcut for nesting trust zones?

You can nest zones by pressing Ctrl+g (Windows) or Cmd+g (MAC)

How do I resize a zone?

At this time, SD Elements does not include functionality for resizing zones.

Why should I nest trust zones if it will not impact threat identification?

Some people in your organization may not be experts in threat modeling or feel confident using SD Elements for threat modeling. If a threat model diagram includes trust zones nested in a way that matches your architecture, more people will be encouraged to collaborate using SD Elements.

What if I want people to be notified via email and/or Slack when I add a note within a diagram text box?

At this time, notifications for threat model diagram notes are not supported in SD Elements 2022.4. If you require such notification functionality, please reach out to your Customer Success Manager (CSM) to request their inclusion in a future SD Elements release.

When will SD Elements trust boundaries and trust zones inform me about the impact on threats in the same way that IriusRisk and ThreatModeler work today?

Our existing content model doesn’t accommodate the auto generation of edges (connections) or zones (trust zones, trust boundaries). We hope to include this functionality in future releases.

Beyond visualization, what is the value of nested zones and text box notes?

Both nested zones and text boxes encourage collaboration among teams within your organization by helping people who might not be familiar with your team’s project understand the design and data flows.

Is there a history or audit log of who has made changes to a diagram or a specific note?

At this time, the threat model diagram doesn’t have audit log capabilities, so notes captured as part of a diagram do not have a history of who wrote them.

Threats

How are threats applied to the project?

Threats are applied to your project through the match conditions of the survey answers you have selected. More specifically, threats are brought into your project by Countermeasures and their associated Weaknesses.

How is Threat status determined?

Threat status comes from the Countermeasure status in the following way:

  • If all countermeasures are done, the threat is mitigated.

    • All countermeasures must be complete or n/a to be mitigated.

  • If all countermeasures are not applicable, the threat is not applicable.

    • All countermeasures must be n/a for the threat to be not applicable.

  • If all countermeasures are in to do, the threat is unmitigated.

    • Countermeasures can be in a mix of to do and n/a for the threat to be unmitigated.

Are there out of the box reports for threats?

SD Elements does not have reporting for threats at this time. Using the advanced reporting feature, you can create a threat report which looks at your risk policy and Countermeasure status. Reach out to your Customer Success representative or Services program manager for assistance.

Import Diagram

Once I import the diagram, can I edit it?

Yes, once the diagram has been imported and translated into SD Elements components you can edit the diagram before saving.

If I have a custom stencil (Microsoft Threat Modeling Tool) or shape (diagrams.net aka draw.io), how will SD Elements translate that into a diagram?

Custom stencils or shapes, are shown as generic components.

Can I do a mass import of diagrams?

All import diagram functionality happens on the front end and is processed in the browser, so no you cannot mass import diagrams.

How can I onboard many diagrams at the same time?

That functionality is not available at this time, diagrams can be uploaded one at a time through the UI.

What happens if I already have a diagram saved and I import another?

The saved diagram will be overwritten after the user confirms that the imported diagram is going to overwrite the existing saved diagram.

Can I create a custom icon to replace the generic component?

At this time, you cannot create a custom icon to replace the generic component.

Can I import diagrams from IriusRisk?

No, the only accepted formats at this time are TM7 (Microsoft Threat Modeling Tool) and diagrams.net. (also known as draw.io)

If I answer the survey first and import a diagram afterwards what happens?

If there are survey answers and components which are not present in your imported diagram, the Diagram Out of Sync button will appear and allow you to add the missing components to keep your diagram and survey in sync.

results matching ""

    No results matching ""