FAQ

Access

Can customers using VM deployment access the Diagram feature?

Yes, there is no restriction on Diagram functionality: it is available to VM deployment and SaaS customers alike. A new microservice running in the backend saves diagrams; however, that microservice is not available to VM deployment customers.

  • Instead, SD Elements saves the SystemGraph to the existing SD Elements data model.

Is the Diagram feature available via API?

Yes, you can retrieve your project diagram in JSON via the SD Elements API. However, downloading and viewing the diagram is only available in the user interface.

Is the Import Diagram feature available via API?

No, the import diagram feature is not available via API because all of the processing is done in the front end.

What happens if I turn off the Diagram feature?

You will no longer see the Save & continue to diagram button on the Survey page or the Diagram tab in the project menu.

Can diagrams generate threats, weaknesses and countermeasures?

As of the 2023.4 beta release, Threats, Weaknesses, and Countermeasures can be generated from the diagram canvas.

  • In order to generate content from the diagram, enable the ENABLE_ACORN feature flag through the API.

  • Users with the ability to turn on feature flags have permissions to enable this functionality.

What happens if I turn off the Threats feature?

You will no longer see the threats list page at the project level or on the diagram canvas. Threats will be generated but will not be shown in the user interface of your project as of the 2023.4 beta release.

Can I have the Diagrams feature turned off but the Threats feature turned on?

Yes, you can. The threats feature is independent of the diagrams feature, and vice versa. The Threats feature is dependent on the Reusable Components feature flag, which is why it is nested underneath that section.

Surveys and diagrams

Can a diagram generate Threats, Weaknesses, and Countermeasures?

As of the 2023.4 beta release, Threats, Weaknesses, and Countermeasures can be generated from the diagram canvas. We recommend that you choose to use the diagram or the survey, but if you complete a survey after saving the diagram, Threats, Weaknesses, and Countermeasures will be generated from both the survey and diagram.

  • In order to generate content from the diagram, enable the ENABLE_ACORN feature flag through the API.

  • Users with the ability to turn on feature flags have permissions to enable this functionality.

What if I have a custom Survey?

Diagrams can only be generated from out-of-the-box Survey Answers.

What if I don’t save the Survey before opening the Diagram page?

You will lose Survey edits if you navigate away from the Survey page without saving or if the session times out (2 hours), which will affect any generated diagram.

Working with the canvas

Do components added to a generated diagram bring new Countermeasures into the project?

Yes, as of the 2023.4 beta release, Threats, Weaknesses, and Countermeasures can be generated from the diagram canvas.

  • In order to generate content from the diagram, enable the ENABLE_ACORN feature flag through the API.

  • Users with the ability to turn on feature flags have permissions to enable this functionality.

Can multiple people edit a diagram at the same time?

No, only one person can edit a diagram, similar to Survey functionality.

How can I export an image of the entire diagram?

An exported diagram is a representation of what you can see on the canvas. If only part of the diagram is visible on the canvas but you want to export the entire thing, click the [ - ] zoom button until you can see all the components, zones, and connectors.

How can I visualize ingress/egress points in a diagram?

You can add a label to a connector to denote an ingress or egress point.

Is there a keyboard shortcut for the text box tool?

You can create a text box by pressing t on your keyboard.

Is there a keyboard shortcut for nesting trust zones?

You can nest zones by pressing Ctrl+g (Windows) or Cmd+g (Mac).

How do I resize a zone?

At this time, SD Elements does not include functionality for resizing zones.

Why should I nest trust zones if it will not impact threat identification?

Some people in your organization may not be experts in threat modeling or feel confident using SD Elements for threat modeling. If a threat model diagram includes trust zones nested in a way that matches your architecture, more people will be encouraged to threat model using SD Elements.

What if I want people to be notified via email and/or Slack when I add a note within a diagram text box?

At this time, notifications for threat model diagram notes are not supported in SD Elements 2022.4. If you require such notification functionality, please reach out to your Customer Success Manager (CSM) to request their inclusion in a future SD Elements release.

When will SD Elements trust boundaries and trust zones inform me about the impact on threats in the same way that IriusRisk and ThreatModeler work today?

Our existing content model doesn’t accommodate the auto generation of edges (connections) or zones (trust zones, trust boundaries). We hope to include this functionality in future releases.

Beyond visualization, what is the value of nested zones and text box notes?

Both nested zones and text boxes encourage collaboration among teams within your organization by helping people who might not be familiar with your team’s project understand the design and data flows.

Is there a history or audit log of who has made changes to a diagram or a specific note?

At this time, the threat model diagram doesn’t have audit log capabilities, so notes captured as part of a diagram do not have a history of who wrote them.

Threats

How are threats applied to the project?

As of the 2023.4 beta release, Threats, Weaknesses, and Countermeasures can be generated from the diagram canvas in addition to a completed survey. Threats are applied to your project through the match conditions of the survey answers you have selected or the threats associated with a component. More specifically, threats are brought into your project by Countermeasures and their associated Weaknesses of the component.

  • In order to generate content from the diagram, enable the ENABLE_ACORN feature flag through the API.

  • Users with the ability to turn on feature flags have permissions to enable this functionality.

How is Threat status determined?

Threat status comes from the Countermeasure status in the following way:

  • If all countermeasures are done, the threat is mitigated.

    • All countermeasures must be complete or n/a to be mitigated.

  • If all countermeasures are not applicable, the threat is not applicable.

    • All countermeasures must be n/a for the threat to be not applicable.

  • If all countermeasures are in to do, the threat is unmitigated.

    • Countermeasures can be in a mix of to do and n/a for the threat to be unmitigated.
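
The status rules above, written out as an added example (not SD Elements code). The enum names, the needs_attention helper and the UNSPECIFIED result are assumptions made here; UNSPECIFIED marks combinations the FAQ does not describe, such as done mixed with to do.

```python
from enum import Enum


class CounterStatus(Enum):
    DONE = "done"    # the FAQ also says "complete"
    NA = "n/a"
    TODO = "to do"


class ThreatStatus(Enum):
    MITIGATED = "mitigated"
    NOT_APPLICABLE = "not applicable"
    UNMITIGATED = "unmitigated"
    UNSPECIFIED = "unspecified"  # assumption: marks cases the FAQ does not cover


def threat_status(countermeasures):
    """Derive one threat's status from the statuses of its countermeasures."""
    seen = set(countermeasures)
    if not seen:
        return ThreatStatus.UNSPECIFIED      # no countermeasures: not covered
    if seen == {CounterStatus.NA}:
        # Tested first, because all-n/a also satisfies "complete or n/a".
        return ThreatStatus.NOT_APPLICABLE
    if seen <= {CounterStatus.DONE, CounterStatus.NA}:
        return ThreatStatus.MITIGATED
    if seen <= {CounterStatus.TODO, CounterStatus.NA}:
        return ThreatStatus.UNMITIGATED
    return ThreatStatus.UNSPECIFIED          # done mixed with to do: not covered


def needs_attention(threats):
    """Names of threats that are unmitigated or fall outside the stated rules."""
    flagged = (ThreatStatus.UNMITIGATED, ThreatStatus.UNSPECIFIED)
    return sorted(n for n, cms in threats.items() if threat_status(cms) in flagged)


# Constructed sample project: threat name -> countermeasure statuses.
D, N, T = CounterStatus.DONE, CounterStatus.NA, CounterStatus.TODO
SAMPLE = {
    "Threat A": [D, D, N],
    "Threat B": [N, N],
    "Threat C": [T, N],
    "Threat D": [D, T],
}

if __name__ == "__main__":
    for name, cms in SAMPLE.items():
        print(name, "->", threat_status(cms).value)
    print("Review:", needs_attention(SAMPLE))
```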

Are there out of the box reports for threats?

SD Elements does not have reporting for threats at this time. Using the advanced reporting feature, you can create a threat report which looks at your risk policy and Countermeasure status. Reach out to your Customer Success representative or Services program manager for assistance.

Import Diagram

Once I import the diagram, can I edit it?

Yes, once the diagram has been imported and translated into SD Elements components you can edit the diagram before saving.

If I have a custom stencil (Microsoft Threat Modeling Tool) or shape (diagrams.net aka draw.io), how will SD Elements translate that into a diagram?

Custom stencils or shapes are shown as generic components, which you can then replace with the correct components. Threats, weaknesses and countermeasures are not generated for generic components.

Can I do a mass import of diagrams?

All import diagram functionality happens on the front end and is processed in the browser, so you cannot mass import diagrams.

How can I onboard multiple diagrams at the same time?

That functionality is not available at this time; diagrams can be uploaded one at a time through the UI.

What happens if I already have a diagram saved and I import another?

The saved diagram will be overwritten after the user confirms that the imported diagram is going to overwrite the existing saved diagram.

Can I create a custom icon to replace the generic component?

As of the 2023.4 release, you can now select preset icons from a list to represent your reusable component while you threat model or diagram. See Reusable Components for more information.

Can I import diagrams from IriusRisk?

No, the only accepted formats at this time are TM7 (Microsoft Threat Modeling Tool) and diagrams.net (also known as draw.io).

Can I use any JSON to import a diagram?

No, the JSON file must be in a specific format that SD Elements will accept. To see an example in the correct format, create a diagram and download the corresponding JSON file.

If I answer the survey first and import a diagram afterwards - what happens?

If there are survey answers and components which are not present in your imported diagram, the Diagram Out of Sync button will appear and allow you to add the missing components to keep your diagram and survey in sync.

As of the 2023.4 beta release, Threats, Weaknesses, and Countermeasures can be generated from the diagram canvas. The corresponding Threats, Weaknesses, and Countermeasures will be cumulative of the survey and diagram.
