Knogin
[Domaines API]

Threat Model Domain

The Threat Model domain provides a threat modeling and security analysis visualization system. Users create named threat models containing typed nodes (web services, threat actors, hosts, databases, APIs, networks) and d

Metadonnees du module

The Threat Model domain provides a threat modeling and security analysis visualization system. Users create named threat models containing typed nodes (web services, threat actors, hosts, databases, APIs, networks) and d

Retour à la Liste

Reference source

content/modules/domain-threat-model.md

Dernière Mise à Jour

24 févr. 2026

Catégorie

Domaines API

Checksum du contenu

7658e44ea913974b

Étiquettes

api-domains

Documentation rendue

Cette page rend le Markdown et Mermaid du module directement depuis la source publique de documentation.

Overview#

The Threat Model domain provides a threat modeling and security analysis visualization system. Users create named threat models containing typed nodes (web services, threat actors, hosts, databases, APIs, networks) and directed edges (attacks, exploits, communications, dependencies) to map security scenarios and identify vulnerabilities through graph-based analysis.

Key Features#

  • Graph-Based Threat Modeling - Build threat models as interactive graphs with typed nodes representing system components and directed edges representing relationships, attacks, and data flows.

  • Node Types - Model diverse system components including web services, threat actors, hosts, databases, APIs, and networks, each with category classification and custom properties.

  • Edge Types - Define relationships between nodes including attack paths, exploitation vectors, communication channels, dependencies, and containment relationships.

  • Visual Layout - Save and restore visualization layout configurations so team members can return to the same view and collaborate on threat model analysis.

  • Property Storage - Attach arbitrary metadata properties to both nodes and edges for flexible documentation of system characteristics, vulnerabilities, and mitigations.

  • Secrecy Level Controls - Apply classification levels to threat models to control access based on personnel clearance, ensuring sensitive security analysis is appropriately protected.

  • Organization Scoping - Threat models are scoped to their owning organization with access controls that ensure models are only visible to authorized personnel.

Use Cases#

  • Security Architecture Review - Map system architecture components, data flows, and trust boundaries to identify potential attack surfaces and security weaknesses.

  • Threat Identification - Model threat actors, their capabilities, and potential attack paths to understand the threats facing a system and prioritize defenses.

  • Vulnerability Analysis - Visualize how vulnerabilities in different system components could be exploited through attack chains to assess overall risk exposure.

  • Mitigation Planning - Document security controls and mitigations on the threat model graph to evaluate defensive coverage and identify gaps.

Integration#

The Threat Model domain supports security analysis across the platform:

  • Vulnerability Management - Threat models reference known vulnerabilities
  • Threat Actor Profiles - Known threat actors can be represented in models
  • Investigation Management - Threat models support security investigation analysis
  • Reporting - Threat model visualizations can be exported for documentation

Last Reviewed: 2026-02-24