The Microsoft Threat Modeling Tool Importer Extension library provides a tool to import TM7 documents and TB7 templates produced with Microsoft Threat Modeling Tool, a widely adopted tool to produce Threat Models, which can be downloaded from https://aka.ms/threatmodelingtool. You need to install this Extension library separately from the Threats Manager Studio (TMS), from Downloads.
The Microsoft Threat Modeling Tool Importer Extension library adds a button in the Import ribbon: Import Document in the MS TMT section.
If you click this button, you will be offered the opportunity to select the Threat Model (.TM7) or template (.TB7) to be imported. After a fast processing, you should see a Threat Modeling Tool Import Results dialog similar to the following one.
The meaning of the various results shown, is:
|Diagrams||Counter of the migrated Diagrams.|
|DataStores||Counter of the migrated Data Stores.|
|ExternalInteractors||Counter of the migrated External Interactors.|
|Processes||Counter of the migrated Processes.|
|EntityTypes||Counter of the migrated Item Types.|
|DataFlows||Counter of the migrated Data Flows.|
|CustomThreatTypes||Counter of the imported Threats that were not associated with Threats defined in the source template used by the TM7 file.|
|MissingThreats||Counter of the Threat Events that it has not been possible to import.|
|Threats||Counter of the imported Threat Events.|
|ThreatTypes||Counter of the imported Threat Types.|
|TrustBoundaries||Counter of the imported Trust Boundaries|
Auxiliary Diagramming Tools
The Microsoft Threat Modeling Tool Importer Extension library includes also two buttons to support some cleaning up activities on freshly imported Threat Models:
- Merge Entities button, which allows merging two entities together.
- Merge Flows button, which allows merging two flows together.
Merging Entities is important because the Microsoft Threat Modeling tool considers the same entity included in two different diagrams as two different objects. To use it, you have to include the missing Entity using the Existing Object palette, then to select both copies, and finally click the Merge Entities button. This opens the Merge Entities dialog.
You need to select the Entity which must remain, and click the Target button on it. Automatically, the other Entities will be marked as Source. When you click the OK button, the Entity marked as Target will receive all the Flows associated with the Sources. To succeed, it is necessary that the moved Flows are not already existing, because Threats Manager Platform, the engine behind Threats Manager Studio (TMS), does not allow to have two Flows with the same source and target. For this reason, we have the Replacement Strategy options:
- Stop if at least a Flow already exists, will interrupt the merge operation if there is an overlap.
- Replace existing Flows, will remove the existing Flows to replace them with the new ones.
- Skip existing Flows, will leave the existing Flows.
The second command, Merge Flows, addresses a second typical issue that occurs as a result of importing a document built with Microsoft Threat Modeling Tool, that is having two flows to represent a relationship, when in TMS only a single Flow would be required. Merge Flows allows to do that. A simple way is to select the duplicated Flows, perhaps using CTRL+A to select all, and then by clicking Merge Flows. This will open the Merge Flows dialog.
The tool already identifies the candidates. You have to select the Master flow, which is the one to be maintained. When done, you should click OK.