Threats Manager Studio (TMS) enables the automatic generation of Word reports from Threat Models. This functionality is based on two different tools: TMS itself for the generation and a Microsoft Word Add-In to prepare Word templates which can be used by TMS.
The current page focuses on the actual generation of the reports. Please refer to Word Template to learn how to create your own templates.
For this scenario, let’s assume you already have a Word Template, in the form of a DOTX or a DOCX file. Before using it to generate automatically a Report out of it, you need to perform some preparation activities:
- You need to create a DOCX document in the same folder of the Threat Model. This copy is called the Reference Word file. It is recommended to change the name to something meaningful: for example, it could have the same name as the Threat Model.
Tips & Tricks
It is useful to save the Reference Word file in the same folder as the Threat Model, because TMS would store it as a relative path. This means that if you move it to another position or if you give both the Threat Model and the Reference Word file to a colleague, everything will still work.
- Open the Reference Word file in Microsoft Word and edit it. You may need to insert some details that are not present in the Threat Model, like some comments on the overall status of the Threat Model and final considerations. Each Template would have different updates required.
- Close the Reference Word file in Microsoft Word.
- In TMS, click on the Word Reporting button in the Export Ribbon.
- Click the Browse button at the top of the Word Report tool and then select the Reference Word file you have just closed. If everything has been loaded correctly, then the Placeholders table should be loaded with all the various placeholders which have been found in the document, as shown below.
- Optionally open the various categories to inspect the various placeholders. You may also change the visibility of selected properties in the Lists or change the width of columns in the Tables.
- Click the Generate Document button. A progress bar will be shown and after a few seconds, you should receive a confirmation that the Report has been generated. The new file can be found in the same folder where the Reference Word file is, and it has a suffix with the date and time of its generation.
- Optionally click the Open Last Document button to open the freshly generated report.
You need to have a tool able to open DOCX files, otherwise the Open Last Document command will fail.
Tips & Tricks
If you see any discrepancy in the generated report, you can fix it by working on the Threat Model itself or on the Reference Word file, depending on what the affected information is. That is, automatically generated content will need to be edited in the Threat Model and everything else in the Reference Word file.
Never work on the generated report, because every change you do there would be lost.
There are various moments where the Reference Word file must be closed:
- When you select the Reference Word file.
- When you open the Word Report tool, if the Reference Word file has already been selected for the Threat Model.
- When you generate a new report.
- When you click the Refresh button. This button has been introduced to support editing the Reference Word file and then get TMS to load the changes.
If you see that TMS is not able to open the Reference Word file, and you get errors or simply TMS refuses to process it, then it is most probable that you have Word still open.
In fact, Word requires full exclusive access to the file, and this prevents any access by TMS.
To address the issue, simply close Word. If you cannot see Word as open, you may have it as a dangling process: open Task Manager and check. If you see any instance of winword.exe and it should not be there, you may kill it to unlock access by TMS. Do this carefully, though, because you may close another document and lose your work!
If still you cannot access the Reference Word file, it may be corrupted. Try to open it again in Word and check that everything is correct.