IriusRisk

Visualize Projects, Threats, Weaknesses, Countermeasures, and Users, and monitor changes through queries and alerts.

Installation
Data Model
Types

Installation

Requirements

You need the IriusRisk Host URL and an API Token generated in your IriusRisk account.
You must have the necessary permissions in JupiterOne to install new integrations.

Configuring IriusRisk

Creating Global and Project Roles with Required Permissions

Click the Settings icon to open the General Settings dropdown.
Select Permissions from the dropdown.
Under the Global Roles tab:
- Click Create Role.
- Provide a Name and Description.
- Enable the following permissions:
  - ALL_USER_UPDATE (User Service)
  - API_ACCESS (APIs Service)
  - PRODUCTS_LIST_ALL (Project Service)
- Click Create to finalize the role.
Under the Project Roles tab:
- Click Create Role.
- Provide a Name and Description.
- Enable the following permissions:
  - THREAT_VIEW (Threats Service)
  - COUNTERMEASURE_VIEW (Countermeasures Service)
- Click Create to finalize the role.

Creating a User

Click the Settings icon to open the General Settings dropdown.
Select Users from the dropdown.
Click + Create User.
Provide the First Name and Last Name.
Enter an Email Address.
Set a Password for the user.
Assign the previously created Global Role and Project Role.
Click Create to finalize the user setup.

Generating an IriusRisk API Token

Refer to the official IriusRisk documentation on creating an API token.

Note: The API token should be generated using the user created above, ensuring the required roles are assigned.

Configuring JupiterOne

From the top navigation bar of the J1 Search homepage, go to Integrations.
Search for IriusRisk and select it.
Click the Add Instance button and configure the following settings:
- Account Name: Enter a name to identify this IriusRisk instance in JupiterOne. When Tag with Account Name is enabled, ingested entities will store this value in tag.AccountName.
- Description: Provide a description to help your team identify this integration instance.
- Polling Interval: Choose a suitable polling interval for monitoring, or leave it as DISABLED for manual execution.
- IriusRisk Host URL: Enter the host URL of your IriusRisk tenant.
- IriusRisk API Token: Enter the API token generated for use by JupiterOne.
Click Create Configuration to save your settings.

Next Steps

Now that your integration instance is configured, it will begin running based on the polling interval you provided, populating data within JupiterOne.

Refer to our Instance Management Guide to learn more about managing and editing integration instances.

Entities

The following entities are created:

Resources	Entity `_type`	Entity `_class`
Account	`iriusrisk_account`	Account
Countermeasure	`iriusrisk_product_countermeasure`	Control
Product	`iriusrisk_product`	Project
Threat	`iriusrisk_product_threat`	ThreatIntel
User	`iriusrisk_user`	User
Weakness	`iriusrisk_product_weakness`	Weakness

Relationships

The following relationships are created:

Source Entity `_type`	Relationship `_class`	Target Entity `_type`
`iriusrisk_account`	HAS	`iriusrisk_user`
`iriusrisk_account`	MANAGES	`iriusrisk_product`
`iriusrisk_product`	HAS	`iriusrisk_product_countermeasure`
`iriusrisk_product`	HAS	`iriusrisk_product_weakness`
`iriusrisk_product`	HAS	`iriusrisk_product_threat`

Iriusrisk Account

iriusrisk_account inherits from Account

Iriusrisk Product

iriusrisk_product inherits from Project

Property	Type	Description	Specifications
`criticalRiskThreats`	`number`
`groups`	`array` of `string`s
`highRiskThreats`	`number`
`inheritRiskScore`	`number`
`lowRiskThreats`	`number`
`mediumRiskThreats`	`number`
`mitigatedRiskThreats`	`number`
`priority`	`number`
`projectedRiskScore`	`number`
`residualRiskScore`	`number`
`type`	`string`
`users`	`array` of `string`s
`workflowState`	`string`

Iriusrisk Product Countermeasure

iriusrisk_product_countermeasure inherits from Control

Property	Type	Description	Specifications
`cost`	`number`
`issueId`	`string`
`library`	`string`
`mitigation`	`string`
`owner`	`string`
`platform`	`string`
`risk`	`number`
`source`	`string`
`state`	`string`
`testExpiresOn`	`number`
`testExpiryPeriod`	`number`
`testNotes`	`string`
`testSteps`	`string`

Iriusrisk Product Threat

iriusrisk_product_threat inherits from ThreatIntel

Property	Type	Description	Specifications
`availabilityRiskRatting`	`string`
`componentReferenceId` *	`string`
`confidentialityRiskRatting`	`string`
`easeOfExploitationRiskRatting`	`string`
`expiresOn`	`number`
`inherentRiskScore`	`number`
`integrityRiskRatting`	`string`
`issueId`	`string`
`issueLink`	`string`
`mitigation`	`number`
`owner`	`string`
`projectedRiskScore`	`number`
`riskScore`	`number`
`source`	`string`
`state`	`string`
`useCaseReferenceId` *	`string`

Iriusrisk Product Weakness

iriusrisk_product_weakness inherits from Weakness

Property	Type	Description	Specifications
`impact`	`number`
`issueId`	`string`
`issueLink`	`string`
`state`	`number`
`testExpiesOn`	`number`
`testExpiryPeriod`	`number`
`testLastUpdatedOn`	`number`
`testNotes`	`string`
`testOutput`	`string`
`testSourceArgs`	`string`
`testSourceEnabled`	`boolean`
`testSourceFileName`	`string`
`testSourceResult`	`string`
`testSourceType`	`string`
`testSteps`	`string`

Iriusrisk User

iriusrisk_user inherits from User

Property	Type	Description	Specifications
`groups`	`array` of `string`s
`roles`	`array` of `string`s

IriusRisk

Installation​

Requirements​

Configuring IriusRisk​

Creating Global and Project Roles with Required Permissions​

Creating a User​

Generating an IriusRisk API Token​

Configuring JupiterOne​

Next Steps​

Entities​

Relationships​

Iriusrisk Account​

Iriusrisk Product​

Iriusrisk Product Countermeasure​

Iriusrisk Product Threat​

Iriusrisk Product Weakness​

Iriusrisk User​