OWASP / threat-dragon

An open source threat modeling tool from OWASP
https://owasp.org/www-project-threat-dragon/
Apache License 2.0

Add the full database of PLOT4ai threats to Threat Dragon #796

Open rhite-tech opened 9 months ago

rhite-tech commented 9 months ago

Describe what problem your feature request solves: PLOT4ai contains a database of 86 threats. Threat Dragon recently added support for the categories, similar to the other frameworks, but it would be nice if the threats under each category would become available from a drop-down menu as well. The way threats are organized under the categories can be observed here: https://plot4.ai/library

Describe the solution you'd like: When you add a threat (or edit one), you can already select the threat type, which corresponds to the PLOT4ai category. PLOT4ai has a JSON file available with all the threats; based on this JSON file and the selected type/category, the relevant threats could be loaded and used to populate a drop-down box called 'threat'. The user could then select the applicable threat. Additionally, the information in the explanation field could be used to prefill the Description field in Threat Dragon, and the information in the recommendations field could be used to prefill the Mitigation field in Threat Dragon.

Additional context: PLOT4ai is in its setup very similar to LINDDUN, which is also part of Threat Dragon. Adding this functionality would also open the possibility to add the threats from LINDDUN to Threat Dragon.

The additions of 'Development Phase' and 'Threat' to the threat dialog should only be visible when the diagram type is 'PLOT4ai', and possibly also for 'LINDDUN' diagram type.

jgadsden commented 9 months ago

looks good @rhite-tech , can I assign this to you?

jgadsden commented 6 months ago

@rhite-tech are you working on this issue? @raghav1030 may want to take this on, or work alongside you

rhite-tech commented 6 months ago

Hi John

I am! In fact, I've almost finished it :-)

PLOT4ai needs a small change. Because of the way the methodology works, at this moment the threats in PLOT4ai are formulated as questions, but that doesn't really work in Threat Dragon. So I'm discussing this with the author, to add the threats as just threats instead of questions. Apart from that, everything else works. I've attached a screenshot where you can see the current implementation. As you can observe, I've now worked around it by including the answer (yes/no) when it is a threat, but that doesn't look so nice. As you can also see, I've added checkboxes for the Development Phase, which allow you to filter the applicable threats. The Description and Mitigation fields are automatically filled with data from PLOT4ai when a threat has been chosen.

I hope to finalize rewriting the threats soon, so I can push it.

[screenshot: threat-dragon_plot4ai_preview]
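The behaviour described in the opening request and in the implementation comment above (filter the PLOT4ai threats by the selected category and the ticked Development Phases, label question-style threats with the answer that makes them a threat, and prefill Description and Mitigation), as an added JavaScript example that is not code from Threat Dragon or PLOT4ai; the record field names and the three sample records are assumptions constructed for the example.

```javascript
// Added example, not Threat Dragon's or PLOT4ai's own code. The record shape
// (category, phases, question, answer, explanation, recommendations) is an
// assumption about the PLOT4ai JSON; the three records are constructed samples.
const SAMPLE_PLOT4AI = [
  { id: 'plot4ai-1', category: 'Security', phases: ['Design', 'Model'],
    question: 'Could an attacker extract training data from the model?',
    answer: 'Yes',
    explanation: 'Models can memorise records and leak them through queries.',
    recommendations: 'Apply rate limiting and privacy-preserving training.' },
  { id: 'plot4ai-2', category: 'Security', phases: ['Monitor'],
    question: 'Is model drift monitored in production?',
    answer: 'No',
    explanation: 'Unmonitored drift lets degraded or manipulated behaviour go unnoticed.',
    recommendations: 'Monitor prediction distributions and alert on drift.' },
  { id: 'plot4ai-3', category: 'Unawareness', phases: ['Output'],
    question: 'Are users told that they interact with an AI system?',
    answer: 'No',
    explanation: 'Users cannot calibrate trust if the AI nature is hidden.',
    recommendations: 'Disclose AI use at the point of interaction.' },
];

// Workaround described in the thread: threats are phrased as questions, so the
// dropdown label states which answer turns the question into a threat.
function threatLabel(t) {
  return `${t.question} (threat if answered "${t.answer}")`;
}

// Options for the 'threat' dropdown: same category as the selected threat type,
// restricted to the ticked Development Phase checkboxes (none ticked = all).
function listThreats(db, category, phases = []) {
  return db
    .filter((t) => t.category === category)
    .filter((t) => phases.length === 0 || t.phases.some((p) => phases.includes(p)))
    .map((t) => ({ id: t.id, label: threatLabel(t) }));
}

// Prefill for the threat dialog once a threat is picked: explanation ->
// Description, recommendations -> Mitigation. Output field names are assumed.
function prefillThreat(db, id) {
  const t = db.find((x) => x.id === id);
  if (!t) throw new Error(`unknown PLOT4ai threat id: ${id}`);
  return {
    title: threatLabel(t),
    type: t.category,
    description: t.explanation,
    mitigation: t.recommendations,
  };
}
```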

jgadsden commented 6 months ago

superb work @rhite-tech , thank you for this and #797

jgadsden commented 1 month ago

Further to our discussions at ThreatModCon Lisbon 2024, @rhite-tech, we can target this for version 2.4, which should be released at the end of this year. Version 2.3 is due for release in August 2024, so that may be a bit soon for this feature.