PioneerVisible
ExpertVisible
SimplifiedVisible
ManagementHidden
BusinessHidden
Execution Mode visibility.

The Microsoft Threat Modeling Tool Importer Extension library provides a tool to import TM7 documents and TB7 templates produced with Microsoft Threat Modeling Tool, a widely adopted tool to produce Threat Models, which can be downloaded from https://aka.ms/threatmodelingtool. You need to install this Extension library separately from the Threats Manager Studio (TMS), fromĀ Downloads.

The Microsoft Threat Modeling Tool Importer Extension library adds a button in the Import ribbon: Import Document in the MS TMT section.

The Import ribbon.

If you click this button, you will be offered the opportunity to select the Threat Model (.TM7) or template (.TB7) to be imported. After a fast processing, you should see a Threat Modeling Tool Import Results dialog similar to the following one.

The Threat Modeling Tool Import Results dialog.

The meaning of the various results shown, is:

NameDescription
DiagramsCounter of the migrated Diagrams.
DataStoresCounter of the migrated Data Stores.
ExternalInteractorsCounter of the migrated External Interactors.
ProcessesCounter of the migrated Processes.
EntityTypesCounter of the migrated Item Types.
DataFlowsCounter of the migrated Data Flows.
CustomThreatTypesCounter of the imported Threats that were not associated with Threats defined in the source template used by the TM7 file.
MissingThreatsCounter of the Threat Events that it has not been possible to import.
ThreatsCounter of the imported Threat Events.
ThreatTypesCounter of the imported Threat Types.
TrustBoundariesCounter of the imported Trust Boundaries
Meaning of the counters shown by the Threat Modeling Import Results dialog.

Auxiliary Diagramming Tools

The Microsoft Threat Modeling Tool Importer Extension library includes also two buttons to support some cleaning up activities on freshly imported Threat Models:

  • Merge Entities button, which allows merging two entities together.
  • Merge Flows button, which allows merging two flows together.

Merging Entities is important because the Microsoft Threat Modeling tool considers the same entity included in two different diagrams as two different objects. To use it, you have to include the missing Entity using the Existing Object palette, then to select both copies, and finally click the Merge Entities button. This opens the Merge Entities dialog.

The Merge Entities dialog.

You need to select the Entity which must remain, and click the Target button on it. Automatically, the other Entities will be marked as Source. When you click the OK button, the Entity marked as Target will receive all the Flows associated with the Sources. To succeed, it is necessary that the moved Flows are not already existing, because Threats Manager Platform, the engine behind Threats Manager Studio (TMS), does not allow to have two Flows with the same source and target. For this reason, we have the Replacement Strategy options:

  • Stop if at least a Flow already exists, will interrupt the merge operation if there is an overlap.
  • Replace existing Flows, will remove the existing Flows to replace them with the new ones.
  • Skip existing Flows, will leave the existing Flows.

The second command, Merge Flows, addresses a second typical issue that occurs as a result of importing a document built with Microsoft Threat Modeling Tool, that is having two flows to represent a relationship, when in TMS only a single Flow would be required. Merge Flows allows to do that. A simple way is to select the duplicated Flows, perhaps using CTRL+A to select all, and then by clicking Merge Flows. This will open the Merge Flows dialog.

Merge Flows dialog.

The tool already identifies the candidates. You have to select the Master flow, which is the one to be maintained. When done, you should click OK.