Threats Manager Studio (TMS) provides two different tools to facilitate the creation of reports as Microsoft Excel worksheets:

  • Excel Reporting
  • Summary Excel Report

Both tools are available from the Export ribbon.

The Export ribbon.

Excel Reporting

The first tool, Excel Reporting, provides a rich interface to export most content of the Threat Model as a Microsoft Excel XLSX file.

When you click the Excel Reporting button in the Export ribbon, a configuration page is opened.

The Excel Reporting page.

This page shows all the various sheets that will be created in the Excel file:

  • The External Interactors page.
  • The Processes page.
  • The Data Stores page.
  • The Flows page.
  • The Threat Events page.
  • The Mitigations page.

For each page, it shows the rows that will be created and the main fields that will be added. It also shows a list of Additional Fields that may optionally be included. While the main fields are not optional, the Additional Fields must be explicitly included. To facilitate your work, a Check All Fields button has been added to the Excel Reporting ribbon. There is also an Uncheck All Fields button, to revert selection to the initial status, if required. The Threat Model will remember your configuration, therefore next time you will find everything ready.

To create the Excel report after you have completing configuring it, you must click the Create File button. This will allow you to select the name of the file to be created, and then will create it. The freshly generated report can be opened clicking the Open Last Document button.

ATTENTION
You need to have a tool able to open XLSX files, otherwise the Open Last Document command will fail.

Summary Excel Report

TMS provides another function to generate Microsoft Excel reports: the Summary Excel Report tool.

This function is available from the Export ribbon. When you click it, you are asked to specify the file to be created and then it creates it. This time, if you want to open it you need to do that manually: there is no Open Last Document command.

The output of the Summary Excel Report tool.

The format of the generated file is fixed and has been thought to provide a fast overview of the various Threats and Mitigations.

The file lists all Threat Types represented in the Threat Model, and for each one of them it includes the following fields:

FieldDescriptionNotes
NameThe name of the Threat Type.
SeverityThe maximum Severity of the associated Threat Events.
DescriptionThe description of the Threat Type.
Affected ObjectsThe objects affected by the associated Threat Events.For each object, it shows its type in short form, the name, and its severity, encircled by parenthesis.
Existing MitigationsExisting Mitigations associated with each Threat Event.For each Threat Event, it shows the related object (type in short form and name), then the title of the Mitigation.
Shown only if there is any Existing Mitigation.
Approved MitigationsApproved Mitigations associated with each Threat Event.For each Threat Event, it shows the related object (type in short form and name), then the title of the Mitigation.
Shown only if there is any Approved Mitigation.
Planned MitigationsPlanned Mitigations associated with each Threat Event.For each Threat Event, it shows the related object (type in short form and name), then the title of the Mitigation.
Shown only if there is any Planned Mitigation.
Implemented MitigationsImplemented Mitigations associated with each Threat Event.For each Threat Event, it shows the related object (type in short form and name), then the title of the Mitigation.
Shown only if there is any Implemented Mitigation.
Proposed MitigationsProposed Mitigations associated with each Threat Event.For each Threat Event, it shows the related object (type in short form and name), then the title of the Mitigation.
Shown only if there is any Proposed Mitigation.
The fields generated as part of the Summary Excel Report.