Execution Mode visibility.

Threats Manager Studio (TMS) supports the creation of knowledgebases, to simplify the execution of Threat Models by less expert operators, and to provide a more efficient and effective experience to everyone. Those knowledgebases are called Templates.

Templates contain information on the structure of the Threat Model, but not specific data: this means that you can find Threat Types, Standard Mitigations and Item Templates, along with metadata, but not Diagrams, Entities, Threat Events or Threat Event Mitigations.

TMS implements an approach for creating Threat Models by composition, that is, from multiple Templates, which can be loaded at any time. This is fundamentally different from the experience common to other tools, which instead start from a Template and, if a different Template is required, force the user to start over.

Due to this approach, Templates can be focused on a specific topic, like Azure AI+Machine Learning or AWS Analytics. Therefore, they require much simpler maintenance.

Templates can be built only when the Execution Mode is Pioneer or Expert, and at least Simplified is required to consume the Templates. The current page focuses on Template consumption. Please refer to Templates Creation for details on how to create new Templates.

Template consumption is possible via the Import Template button or through the Merge Threat Models and Templates button, both available from the Import ribbon. The current page focuses on the first method.

The Import ribbon.

The Template import is typically started by clicking the Import Template button. This opens the Template Import Wizard.

The Welcome page of the Template Import Wizard.

After you click Next, you will have the opportunity to select the Template file to import. Template files typically have the extension .TMT.

If the selected file is a Template, then a page with its details will be shown. Please read it carefully, to be sure you are importing from the right Template.

The page of the Template Import Wizard with the Template details.

When you click Next again, you get a list of the objects defined in the Template you can import.

The page of the Template Import Wizard to select the types of objects to be imported.

In the example above, you can see that you can import Property Schemas, Item Templates and Threat Types, but not Mitigations and Threat Actors, which are grayed out. This is because the specific Template does include items from the first three categories, but not from the latter two.

On this page, if a category is checked, then all its items will be imported automatically. If instead a category is unchecked, then the behavior depends on the status of the check box Skip granular selection of unchecked categories. For example, if this flag is checked but Item Templates is not, then no Item Template will be imported. If instead this flag is unchecked, then the next page will let you select the Item Templates to import one by one. There is a partial exception to this rule, which is represented by Property Schemas and Mitigations: they are imported automatically even if not selected, if there is some dependency.

Tips & Tricks
The previous description may seem a little too complicated, but the situation is simpler than it looks: the recommended approach is to accept all defaults. This lets you import a Template in a few seconds.

After the Template is imported, you can start using its content immediately.

There is no need to maintain a copy of the Template, because its content has been copied inside the Threat Model.

Tips & Tricks
You can import Templates at any time. There is no limit to the number of Templates that can be imported.

Partial overlaps among Templates are automatically handled, because objects are recognized based on their ID. For example, if two templates have the same Threat Type, then it would be imported only once provided that both copies have the same ID.

When you import two Templates with overlapping content, TMS handles this automatically by merging the objects that are already present. The ID of the object is used as the key to determine whether an object is already present. Existing values are not overwritten, though, to safeguard the work of the user. Aggregations like the relationship between Threat Events or Threat Types and Mitigations are handled by adding the missing objects.
The approach provides reasonable support for now, but it is not perfect. For instance, if a Threat Type is present in two different Templates, and it has different Automatic Threat Generation and Mitigation Assignment rules, then those rules are not merged: those defined in the latter Template to be loaded would be lost. Improvements to this feature have been prioritized.
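
The merge behavior described above can be modeled in a few lines of Python. This is an added illustration, not TMS code: the dictionary layout, the field names (`name`, `severity`, `mitigations`, `rule`) and the IDs are assumptions made for the example. The function returns the IDs whose later rule was discarded, which are the Threat Types worth reviewing after importing overlapping Templates.

```python
from copy import deepcopy

def import_template(model, template):
    """Merge a template's Threat Types into the model, keyed by ID.

    Returns the IDs whose incoming rule differed and was therefore lost.
    """
    dropped_rules = []
    for type_id, incoming in template.items():
        existing = model.get(type_id)
        if existing is None:
            # Unknown ID: the object is copied into the model as a whole.
            model[type_id] = deepcopy(incoming)
            continue
        # Known ID: values already in the model win, nothing is overwritten.
        for key, value in incoming.items():
            if key not in ("mitigations", "rule"):
                existing.setdefault(key, value)
        # Aggregations: only the missing mitigation links are added.
        links = existing.setdefault("mitigations", [])
        for mitigation_id in incoming.get("mitigations", []):
            if mitigation_id not in links:
                links.append(mitigation_id)
        # Rules are not merged: a different rule from the later template is lost.
        if incoming.get("rule") != existing.get("rule"):
            dropped_rules.append(type_id)
    return dropped_rules

# Constructed sample data; IDs, names and rule strings are placeholders.
TEMPLATE_A = {
    "tt-001": {"name": "Spoofing", "severity": "High",
               "mitigations": ["m-01"], "rule": "flow crosses trust boundary"},
}
TEMPLATE_B = {
    "tt-001": {"name": "Spoofing (cloud)", "severity": "Medium",
               "mitigations": ["m-01", "m-02"], "rule": "target is storage"},
    "tt-002": {"name": "Tampering", "severity": "High",
               "mitigations": ["m-02"], "rule": None},
}

def demo():
    """Import A, then B, and report which rules each import dropped."""
    model = {}
    first = import_template(model, TEMPLATE_A)
    second = import_template(model, TEMPLATE_B)
    return model, first, second

if __name__ == "__main__":
    model, first, second = demo()
    print("rules lost on second import:", second)
```
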