Tips on Threat Analysis and Modeling Tool

Here are some tips for working with the Threat Analysis and Modeling Tool. They can be especially useful when working on larger threat models.

  • The tool supports drag and drop: drag an item onto its parent to copy the item. You can convert user roles into service roles by dragging a user role onto the “Service Roles” node, and vice versa. You can also convert a component into an external dependency by dropping the component onto the “External Dependencies” node.
  • You can take advantage of the Auto-Save feature by going to Tools -> Options -> General tab. You can configure it to save the file at an interval of 1 to 15 minutes.
  • All item collections, such as User Roles, Data, and Components, can be sorted by name, except for threats. Because threats are auto-generated, sorting them by name may not be useful, so threats have other sort orders instead: Business Impact, Probability, Risk Rating, or Risk Response. The resulting order is persisted in the threat model, which allows you to prioritize threats accordingly.
  • You can customize the name of a threat to make it more meaningful. By default, every generated threat has a generic name that may be difficult to identify and interpret. For example, you can change a threat name to “Compromise of Sales data confidentiality”.
  • Take advantage of custom reports. The threat model file is stored in XML format, so you can use any XSLT file to transform it into a nicely formatted report. Select Reports -> Custom Report to bring up the file dialog and choose the custom XSLT file to use for the transformation. The stock reports can be used as templates for your own reports; they can be found at <Program Files>/Microsoft Corporation/Microsoft Threat Analysis and Modeling v2.1/Graphics/Reports. If you wish to extend a stock report, extend a copy of the report rather than the original.
  • Use the Find functionality (Ctrl + F) to find items in your threat model. For example, you can find threats related to a component or identify items that are not used anywhere in the model.
  • Threat model templates allow you to re-use certain information, which can be useful when multiple applications have similar components and functionality. You can save a threat model as a template and re-use it to create new threat models.
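
To illustrate the custom reports tip above, here is a sketch of an XSLT 1.0 stylesheet that lists threats by descending risk rating and highlights those with no risk response. It is an added example, not one of the tool's stock reports. The element names (ThreatModel, Threats, Threat, Name, Component, RiskRating, RiskResponse) and the numeric risk rating are assumptions; take the real names from your own threat model file or from a copy of a stock report.

```xslt
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example. All element names below are hypothetical placeholders;
     replace them with the names used in your threat model file. -->
<xsl:stylesheet version="1.0"
                xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="html" indent="yes" encoding="utf-8"/>

  <!-- Report page: summary counts, then one table row per threat. -->
  <xsl:template match="/ThreatModel">
    <html>
      <head><title>Threats by risk rating</title></head>
      <body>
        <h1>Threats by risk rating</h1>
        <p>Total threats: <xsl:value-of select="count(Threats/Threat)"/></p>
        <p>Threats without a risk response:
          <xsl:value-of
            select="count(Threats/Threat[not(normalize-space(RiskResponse))])"/>
        </p>
        <table border="1">
          <tr>
            <th>Threat</th><th>Component</th>
            <th>Risk rating</th><th>Risk response</th>
          </tr>
          <!-- Highest rating first (assumes a numeric rating), then by name. -->
          <xsl:apply-templates select="Threats/Threat">
            <xsl:sort select="RiskRating" data-type="number" order="descending"/>
            <xsl:sort select="Name"/>
          </xsl:apply-templates>
        </table>
      </body>
    </html>
  </xsl:template>

  <xsl:template match="Threat">
    <tr>
      <!-- Highlight threats that nobody has decided how to handle yet. -->
      <xsl:if test="not(normalize-space(RiskResponse))">
        <xsl:attribute name="style">background:#fdd</xsl:attribute>
      </xsl:if>
      <!-- xsl:value-of escapes markup characters, so customized threat names
           cannot inject HTML into the generated report. -->
      <td><xsl:value-of select="Name"/></td>
      <td><xsl:value-of select="Component"/></td>
      <td><xsl:value-of select="RiskRating"/></td>
      <td><xsl:value-of select="RiskResponse"/></td>
    </tr>
  </xsl:template>
</xsl:stylesheet>
```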

More tips and features later.

Thanks
Anil Revuru (RV)
Security Technologist
Microsoft ACE Team