June 26, 2020

Version History

THREATGET v24.09

Major Features:

  • Support for TARA Workflow and enable process based TARA development
  • Iterative development of TARA and Versioning
  • Specify signals and functions in architecture
  • Enable definition of assumptions and usage in Risk Mitigation
  • Re-usable project-wide asset & damage scenario matrix, which can be adapted for each TARA
  • Extend from Attack paths towards Attack Trees, summarizing all attack paths for a threat scenario

Minor Features:

  • Change risk to likelihood for flat analysis (e.g. attack steps that do not directly impact a asset)
  • Versioning feature allows to set diagrams to read-only
  • Report now contains risk matrix, asset damage scenario matrix and assumptions
  • Affected components can be viewed directly in the architecture via the analyis

THREATGET v24.04

Major features:

  • ThreatGet is now completely in the web. This includes:
    • a web-based diagram editor
    • viewing the analysis in the browser
    • generating attack paths in the browser
    • a summary for the diagram
    • a report of the TARA which can be downloaded as xlsx
    • a matrix to link assets and damage scenarios
  • Automated calculation of the attack feasibility based on analysis attributes

Minor features:

  • The report has received a better structure and additional information (an image of the diagram, the assets and damage scenarios related to the threat in the TARA)
  • Use attack feasibility in the web view
  • Structured the impact on the principle of SFOP (Safety, Financial, Operational, Privacy)
  • Multiple STRIDE types per result are now possible
  • Notification when changes are overridden in the diagram editor and the analysis

Bugs fixed:

  • Fixed the searchbar in the rules and toolbox
  • Fixed issue where attack trees did not always contain context data when selecting the bottom node
  • Fixed issue where the diagram was not found if it was not saved the first time after opening it
  • Fixed damage scenario not loading correctly when retreiving it from the server

THREATGET v23.09

Major features:

  • Moved most of the logic to the web
  • Import Diagrams to the web
  • Conduct Analysis and view Diagrams and Results and Attack Paths in the browser
  • Risk Treatment in the web
  • Visualize affected components when selecting a result
  • Added Damage Scenarios and split it from asset
  • Added User Management
  • Added a new filter to make the likelihood depend on calculations instead of predefined values

Minor features:

  • Added theming
  • For tagged values it is now possible to see in which components they are used

Bugs fixed:

  • Various Minor Bugs fixed

THREATGET v23.04

Major features:

  • Manual Entry of Risks in the Results
  • The Attack Tree is now Stored for later Reference
  • New Report Page for the Cybersecurity Configuration

Minor features:

  • Threats now have a Unique Id
  • New Example based on ISO21434 Headlamp
  • Improved Information Messages

Bugs fixed:

  • Various Minor Bugs fixed

THREATGET v22.12

Major features:

  • Added optional ISO21434 Attack Feasibility rating
  • Export analysis results to Excel
  • Complete rework if web views

Minor features:

  • Show description of diagram elements in EA
  • Show description of selected tags on hover
  • Extension of autocomplete Features
  • Improved filtering analysis results with tags

Bugs fixed:

  • Various Minor Bugs fixed

THREATGET v22.07

Major features:

  • Integration of Ports
  • Improved Feedback at Web Frontend
  • Added History for Rules

Minor features:

  • Display Source and Target Elements in the Results Table
  • Display License Usage on Web Frontend

Bugs fixed:

  • Various Minor Bugs fixed

THREATGET v22.05

Major features:

  • Integration of Attack Trees
  • Multi Domain Support, Different Diagram Types and Toolboxes

Minor features:

  • Validation of Rules when Properties of Elements Change
  • Improved Auto Complete
  • Added About Page
  • Allow User Selection of Elements to Update
  • x64 Support
  • Added Optional EA Client Authentication

Bugs fixed:

  • Minor Bugs fixed

THREATGET v21.10

Major features:

  • Rework of EA GUI
  • Autocompletion for Rules

Minor features:

  • EA Client Authentication
  • Report contains Risk Matrix based on Selection
  • Advanced Management View

Bugs fixed:

  • Minor Bugs fixed

THREATGET v21.08

Major features:

  • Proxy support
  • Rule validation after element modification
  • Analysis can now be run in background

Minor features:

  • Display analysis tags above threat list
  • Updated documentation with gifs and video
  • The last modification date of a rule is displayed for each threat
  • Better structure for OpenApi description

Bugs fixed:

  • Fixed bug where the tagged value was not recognized in a correctly written rule

THREATGET v21.06

Major features:

  • AIT Elements can be extended with custom Elements
  • New THREATGET example
  • Better feedback during the analysis process

Minor features:

  • Severity in Results table
  • Connector labels are hidden by default
  • Changeable name of top level elements
  • Updated documentation for deployment

Bugs fixed:

  • Fixed GUI updates during analysis process

THREATGET v21.04

Major features:

  • Generation of Risk Diagrams
    • It is also possible to manually add risks
  • MDG now Generated on Server
  • Update of Analysis Language
    • Multiple Elements can be filtered by type
    • Impact, Cybersecurity Attribute and Impact Category are taken from the Asset

Minor features:

  • Added Impact Category to the Results Table
  • Allow search for rule text in search bar

Bugs fixed:

  • Fixed tagged value deletion

THREATGET v21.01

Major features:

  • Listing of affected elements and Connections of a threat in EA plugin
  • Listing of assets affected by threats in EA plugin

Minor features:

  • Improvement of rule creation regarding assets

Bugs fixed:

  • Fixed scrolling issue in rule text editor
  • Fixed exclusion of certain elements when searching in the searchbar

THREATGET v20.09

Major features:

  • New Grammar for creating rules
    • Simplified Syntax
    • Support for Flows
  • Threat Modeling with Assets in EA plugin

Minor features:

  • Support new grammar as well as legacy grammar
  • Pretty print rule text
  • Improved feedback when creating elements

Bugs fixed:

  • Ignore scrollbar when zooming threat image
  • Fixed issue where an emtpy database would not allow the creation of elements

THREATGET v20.08

Major features:

  • Report is generated based on the threats shown in the analysis tab
  • Screenshots have a zoom feature now, allowing the user to zoom in and out of screenshots

Bugs fixed:

  • Drawing of connector in screenshots is improved and now matches the line in the diagram in most cases
  • Better support for DPI scaling (4K displays)

THREATGET v20.07

Major features:

  • During analysis a threat is generated for each application for a rule (threats are no longer grouped by rule)
  • Analysis is a lot faster
  • Progress bar for Report generation

Minor features:

  • The Element Tab in the web interface has a button to expand and collapse all items
  • Holding Ctrl and clicking on an element opens it in a new tab
  • Tags can now have underscores and slashes in their name

Bugs fixed:

  • The rule interface can be disabled on first opening it after logging in

THREATGET v20.06

Major features:

  • MSIs of EA Plugin can be downloaded from the UI

Bugs fixed:

  • User must select likelihood, impact and threat type for a new rule
  • Namespaces are no longer case sensitive
  • Rule Matrix update is working in Firefox

THREATGET v20.05

Major features:

  • Namespace support (to distinguish customer created elements from AIT created elements)
  • Add support for proxy servers to the server component
  • Search field in the EA Plugin for the threats
  • Connectors are automatically renamed when the corresponding elements are renamed in EA

Bugs fixed:

  • Old version of Web front would be server from cache. (Use F5 once to load updated version, after that the latest version is always served)
  • The generated report would ask to be updated when opened
  • UI glitches in the Threat Results tab

THREATGET v20.03

  • Documentation for Report Management
  • Syntax highlighting
  • Custom tags
  • Risk Matrix
  • Added UI Tests
  • Bugfixes