Yes, there is no restriction to Diagram functionality.

Yes, you can retrieve your project diagram in JSON via the SD Elements API. However, downloading and viewing the diagram is only available in the user interface.

No, the import diagram feature is not available via API because all of the processing is done in the front end.

You will no longer see the Save & continue to diagram button on the Survey page or the Diagram tab in the project menu.

You will no longer see threats list page in the project level or on the diagram canvas.

Yes you can. The threats feature is independent of the diagrams feature, and vice versa. The Threats feature is dependent on the Reusable Components feature flag, which is why it is nested underneath that section.

Diagrams can only be generated from stock Survey Answers.

You will lose Survey edits if you navigate away from the Survey page without saving or if the session times out (2 hours), which will affect any generated diagram.

No, adding or removing diagram components does not affect project Countermeasures. Project Countermeasures are brought in only from Project Survey answers.

No, only one person can edit a diagram, similar to Survey functionality.

An exported diagram is a representation of what you can see on the canvas. If only part of the diagram is visible on the canvas but you want to export the entire thing, click the [ - ] zoom button until you can see the all components, zones, and connectors.

You can add a label to a connector to denote an ingress or egress point.

You can create a text box by pressing t on your keyboard.

You can nest zones by pressing Ctrl+g (Windows) or Cmd+g (MAC)

At this time, SD Elements does not include functionality for resizing zones.

Some people in your organization may not be experts in threat modeling or feel confident using SD Elements for threat modeling. If a threat model diagram includes trust zones nested in a way that matches your architecture, more people will be encouraged to collaborate using SD Elements.

At this time, notifications for threat model diagram notes are not supported in SD Elements 2022.4. If you require such notification functionality, please reach out to your Customer Success Manager (CSM) to request their inclusion in a future SD Elements release.

Our existing content model doesn’t accommodate the auto generation of edges (connections) or zones (trust zones, trust boundaries). We hope to include this functionality in future releases.

Both nested zones and text boxes encourage collaboration among teams within your organization by helping people who might not be familiar with your team’s project understand the design and data flows.

At this time, the threat model diagram doesn’t have audit log capabilities, so notes captured as part of a diagram do not have a history of who wrote them.

Threats are applied to your project through the match conditions of the survey answers you have selected. More specifically, threats are brought into your project by Countermeasures and their associated Weaknesses.

Threat status comes from the Countermeasure status in the following way:

SD Elements does not have reporting for threats at this time. Using the advanced reporting feature, you can create a threat report which looks at your risk policy and Countermeasure status. Reach out to your Customer Success representative or Services program manager for assistance.

Yes, once the diagram has been imported and translated into SD Elements components you can edit the diagram before saving.

Custom stencils or shapes, are shown as generic components.

All import diagram functionality happens on the front end and is processed in the browser, so no you cannot mass import diagrams.

That functionality is not available at this time, diagrams can be uploaded one at a time through the UI.

The saved diagram will be overwritten after the user confirms that the imported diagram is going to overwrite the existing saved diagram.

At this time, you cannot create a custom icon to replace the generic component.

No, the only accepted formats at this time are TM7 (Microsoft Threat Modeling Tool) and diagrams.net. (also known as draw.io)

If there are survey answers and components which are not present in your imported diagram, the Diagram Out of Sync button will appear and allow you to add the missing components to keep your diagram and survey in sync.