Example Threat Model

The following is a lightweight example of a threatcl HCL file. The specification is built on HCLv2, so if you've ever written Terraform, this may seem familiar to you. See developer.hashicorp.com for more high-level information about the syntax.

tower-of-london.hcl
threatmodel "Tower of London" {
  description = "A historic castle"
  author = "@xntrik"

  attributes {
    new_initiative = "true"
    internet_facing = "true"
    initiative_size = "Small"
  }

  information_asset "crown jewels" {
    description = "including the imperial state crown"
    information_classification = "Confidential"
  }

  usecase {
    description = "The Queen can fetch the crown"
  }

  threat {
    description = "Someone who isn't the Queen steals the crown"
    impacts = ["Confidentiality"]

    expanded_control "Guards" {
      description = "Trained guards patrol tower"
      risk_reduction = 75
    }
  }
}