OpenXSAM is an open source format for security risk analysis.
All artifacts in OpenXSAM are available as XML resources. The data access can be configured for files or URLs.
Open the ANALYZE configuration with the ANALYZE configuration editor, and add a new data access as described in section "Data accesses". Select OpenXSAM as data access type.
Supported options:
Example:
resource "*.xsam"
This configuration specifies that ANALYZE should load and analyze all files residing in the workspace whose filename extension is .xsam.
Artifacts in OpenXSAM are nodes defined in the standard, like `Risk`, `ThreatClass` or `DataFlow`.
Open the ANALYZE configuration with the ANALYZE configuration editor, and add a new artifact type as described in section "Artifact types". Select your previously-configured PDF files data access in the Data access drop-down list.
The OpenXSAM artifact type configuration supports the following keywords:
Example for analyzing risks:
artifact types = Risk
if valueOf ("@name") !="" && valueOf("@name") contains "R."{
name valueOf("@name") + "-" + valueOf("@title")
identified by valueOf("@*[local-name()='id']")
map {
title to valueOf ("@title")
ts_refs_target to valueOf ("*[name() = 'CausedByElements']/*[name() = 'ThreatScenarioRef']/@target")
ts_refs_target_mpsID to valueOf ("*[name() = 'CausedByElements']/*[name() = 'ThreatScenarioRef']/@*[local-name()='id']")
mps_id to valueOf ("@*[local-name()='id']")
}
}
Get all Risk from OpenXSAM and extract the name and the title to name the artifact and the id and target ids for linked threat scenarios.
An artifact’s version is used for suspicious links validation. Artifacts of