THREATGET v24.09
Major Features:
- Support for TARA Workflow and enable process based TARA development
- Iterative development of TARA and Versioning
- Specify signals and functions in architecture
- Enable definition of assumptions and usage in Risk Mitigation
- Re-usable project-wide asset & damage scenario matrix, which can be adapted for each TARA
- Extend from Attack paths towards Attack Trees, summarizing all attack paths for a threat scenario
Minor Features:
- Change risk to likelihood for flat analysis (e.g. attack steps that do not directly impact a asset)
- Versioning feature allows to set diagrams to read-only
- Report now contains risk matrix, asset damage scenario matrix and assumptions
- Affected components can be viewed directly in the architecture via the analyis
THREATGET v24.04
Major features:
- ThreatGet is now completely in the web. This includes:
- a web-based diagram editor
- viewing the analysis in the browser
- generating attack paths in the browser
- a summary for the diagram
- a report of the TARA which can be downloaded as xlsx
- a matrix to link assets and damage scenarios
- Automated calculation of the attack feasibility based on analysis attributes
Minor features:
- The report has received a better structure and additional information (an image of the diagram, the assets and damage scenarios related to the threat in the TARA)
- Use attack feasibility in the web view
- Structured the impact on the principle of SFOP (Safety, Financial, Operational, Privacy)
- Multiple STRIDE types per result are now possible
- Notification when changes are overridden in the diagram editor and the analysis
Bugs fixed:
- Fixed the searchbar in the rules and toolbox
- Fixed issue where attack trees did not always contain context data when selecting the bottom node
- Fixed issue where the diagram was not found if it was not saved the first time after opening it
- Fixed damage scenario not loading correctly when retreiving it from the server
THREATGET v23.09
Major features:
- Moved most of the logic to the web
- Import Diagrams to the web
- Conduct Analysis and view Diagrams and Results and Attack Paths in the browser
- Risk Treatment in the web
- Visualize affected components when selecting a result
- Added Damage Scenarios and split it from asset
- Added User Management
- Added a new filter to make the likelihood depend on calculations instead of predefined values
Minor features:
- Added theming
- For tagged values it is now possible to see in which components they are used
Bugs fixed:
- Various Minor Bugs fixed
THREATGET v23.04
Major features:
- Manual Entry of Risks in the Results
- The Attack Tree is now Stored for later Reference
- New Report Page for the Cybersecurity Configuration
Minor features:
- Threats now have a Unique Id
- New Example based on ISO21434 Headlamp
- Improved Information Messages
Bugs fixed:
- Various Minor Bugs fixed
THREATGET v22.12
Major features:
- Added optional ISO21434 Attack Feasibility rating
- Export analysis results to Excel
- Complete rework if web views
Minor features:
- Show description of diagram elements in EA
- Show description of selected tags on hover
- Extension of autocomplete Features
- Improved filtering analysis results with tags
Bugs fixed:
- Various Minor Bugs fixed
THREATGET v22.07
Major features:
- Integration of Ports
- Improved Feedback at Web Frontend
- Added History for Rules
Minor features:
- Display Source and Target Elements in the Results Table
- Display License Usage on Web Frontend
Bugs fixed:
- Various Minor Bugs fixed
THREATGET v22.05
Major features:
- Integration of Attack Trees
- Multi Domain Support, Different Diagram Types and Toolboxes
Minor features:
- Validation of Rules when Properties of Elements Change
- Improved Auto Complete
- Added About Page
- Allow User Selection of Elements to Update
- x64 Support
- Added Optional EA Client Authentication
Bugs fixed:
- Minor Bugs fixed
THREATGET v21.10
Major features:
- Rework of EA GUI
- Autocompletion for Rules
Minor features:
- EA Client Authentication
- Report contains Risk Matrix based on Selection
- Advanced Management View
Bugs fixed:
- Minor Bugs fixed
THREATGET v21.08
Major features:
- Proxy support
- Rule validation after element modification
- Analysis can now be run in background
Minor features:
- Display analysis tags above threat list
- Updated documentation with gifs and video
- The last modification date of a rule is displayed for each threat
- Better structure for OpenApi description
Bugs fixed:
- Fixed bug where the tagged value was not recognized in a correctly written rule
THREATGET v21.06
Major features:
- AIT Elements can be extended with custom Elements
- New THREATGET example
- Better feedback during the analysis process
Minor features:
- Severity in Results table
- Connector labels are hidden by default
- Changeable name of top level elements
- Updated documentation for deployment
Bugs fixed:
- Fixed GUI updates during analysis process
THREATGET v21.04
Major features:
- Generation of Risk Diagrams
- It is also possible to manually add risks
- MDG now Generated on Server
- Update of Analysis Language
- Multiple Elements can be filtered by type
- Impact, Cybersecurity Attribute and Impact Category are taken from the Asset
Minor features:
- Added Impact Category to the Results Table
- Allow search for rule text in search bar
Bugs fixed:
- Fixed tagged value deletion
THREATGET v21.01
Major features:
- Listing of affected elements and Connections of a threat in EA plugin
- Listing of assets affected by threats in EA plugin
Minor features:
- Improvement of rule creation regarding assets
Bugs fixed:
- Fixed scrolling issue in rule text editor
- Fixed exclusion of certain elements when searching in the searchbar
THREATGET v20.09
Major features:
- New Grammar for creating rules
- Simplified Syntax
- Support for Flows
- Threat Modeling with Assets in EA plugin
Minor features:
- Support new grammar as well as legacy grammar
- Pretty print rule text
- Improved feedback when creating elements
Bugs fixed:
- Ignore scrollbar when zooming threat image
- Fixed issue where an emtpy database would not allow the creation of elements
THREATGET v20.08
Major features:
- Report is generated based on the threats shown in the analysis tab
- Screenshots have a zoom feature now, allowing the user to zoom in and out of screenshots
Bugs fixed:
- Drawing of connector in screenshots is improved and now matches the line in the diagram in most cases
- Better support for DPI scaling (4K displays)
THREATGET v20.07
Major features:
- During analysis a threat is generated for each application for a rule (threats are no longer grouped by rule)
- Analysis is a lot faster
- Progress bar for Report generation
Minor features:
- The Element Tab in the web interface has a button to expand and collapse all items
- Holding Ctrl and clicking on an element opens it in a new tab
- Tags can now have underscores and slashes in their name
Bugs fixed:
- The rule interface can be disabled on first opening it after logging in
THREATGET v20.06
Major features:
- MSIs of EA Plugin can be downloaded from the UI
Bugs fixed:
- User must select likelihood, impact and threat type for a new rule
- Namespaces are no longer case sensitive
- Rule Matrix update is working in Firefox
THREATGET v20.05
Major features:
- Namespace support (to distinguish customer created elements from AIT created elements)
- Add support for proxy servers to the server component
- Search field in the EA Plugin for the threats
- Connectors are automatically renamed when the corresponding elements are renamed in EA
Bugs fixed:
- Old version of Web front would be server from cache. (Use F5 once to load updated version, after that the latest version is always served)
- The generated report would ask to be updated when opened
- UI glitches in the Threat Results tab
THREATGET v20.03
- Documentation for Report Management
- Syntax highlighting
- Custom tags
- Risk Matrix
- Added UI Tests
- Bugfixes