Can customers using VM deployment access the Diagram feature?

Yes, there is no restriction to Diagram functionality.

Is the Diagram feature available via API?

Yes, you can retrieve your project diagram in JSON via the SD Elements API. However, downloading and viewing the diagram is only available in the user interface.

What happens if I turn off the Diagram feature?

You will no longer see the Save & continue to diagram button on the Survey page or the Diagram tab in the project menu.

Surveys and diagrams

What if I have a custom Survey?

Diagrams can only be generated from stock Survey Answers.

What if I don’t save the Survey before opening the Diagram page?

You will lose Survey edits if you navigate away from the Survey page without saving or if the session times out (2 hours), which will affect any generated diagram.

Working with the canvas

Do components added to a generated diagram bring new Countermeasures into the project?

No, adding or removing diagram components does not affect project Countermeasures. Project Countermeasures are brought in only from Project Survey answers.

Can multiple people edit a diagram at the same time?

No, only one person can edit a diagram, similar to Survey functionality.

How can I export an image of the entire diagram?

An exported diagram is a representation of what you can see on the canvas. If only part of the diagram is visible on the canvas but you want to export the entire thing, click the [ - ] zoom button until you can see the all components, zones, and connectors.

How can I visualize ingress/egress points in a diagram?

You can add a label to a connector to denote an ingress or egress point.

Is there a keyboard shortcut for text box tool?

You can create a text box by pressing t on your keyboard.

Is there a keyboard shortcut for nesting trust zones?

You can nest zones by pressing Ctrl+g (Windows) or Cmd+g (MAC)

How do I resize a zone?

At this time, SD Elements does not include functionality for resizing zones.

Why should I nest trust zones if it will not impact threat identification?

Some people in your organization may not be experts in threat modeling or feel confident using SD Elements for threat modeling. If a threat model diagram includes trust zones nested in a way that matches your architecture, more people will be encouraged to collaborate using SD Elements.

What if I want people to be notified via email and/or Slack when I add a note within a diagram text box?

At this time, notifications for threat model diagram notes are not supported in SD Elements 2022.4. If you require such notification functionality, please reach out to your Customer Success Manager (CSM) to request their inclusion in a future SD Elements release.

When will SD Elements trust boundaries and trust zones inform me about the impact on threats in the same way that IriusRisk and ThreatModeler work today?

Our existing content model doesn’t accommodate the auto generation of edges (connections) or zones (trust zones, trust boundaries). We hope to include this functionality in future releases.

Beyond visualization, what is the value of nested zones and text box notes?

Both nested zones and text boxes encourage collaboration among teams within your organization by helping people who might not be familiar with your team’s project understand the design and data flows.

Is there a history or audit log of who has made changes to a diagram or a specific note?

At this time, the threat model diagram doesn’t have audit log capabilities, so notes captured as part of a diagram do not have a history of who wrote them.


How are threats applied to the project?

Threats are applied to your project through the match conditions of the survey answers you have selected. More specifically, threats are brought into your project by Countermeasures and their associated Weaknesses.

How is Threat status determined?

Threat status comes from the Countermeasure status in the following way:

  • If all countermeasures are done, the threat is mitigated.

    • All countermeasures must be complete or n/a to be mitigated.

  • If all countermeasures are not applicable, the threat is not applicable.

    • All countermeasures must be n/a for the threat to be not applicable.

  • If all countermeasures are in to do, the threat is unmitigated.

    • Countermeasures can be in a mix of to do and n/a for the threat to be unmitigated.

results matching ""

    No results matching ""