Using TMI for Threat Modeling

This section provides comprehensive guidance for end users learning to use TMI for threat modeling.

What You'll Learn

• How to access TMI
• Creating and managing threat models
• Working with data flow diagrams
• Identifying and documenting threats
• Collaborating with your team
• Using advanced features

Getting Started Topics

Accessing-TMI

Learn how to access the TMI platform at tmi.dev and authenticate with your account.

Creating-Your-First-Threat-Model

Step-by-step guide to creating your first threat model, from initial setup to completion.

Understanding-the-User-Interface

Overview of the TMI user interface, navigation, and key features.

Working-with-Data-Flow-Diagrams

Comprehensive guide to creating and editing data flow diagrams in TMI:

• Creating diagrams
• Adding components (actors, processes, stores, security boundaries)
• Defining data flows
• Organizing your diagrams

Managing-Threats

Learn how to identify, document, and manage threats:

• Creating threats
• Linking threats to diagram components
• Using threat frameworks (STRIDE, CIA, LINDDUN, DIE, PLOT4ai)
• Threat properties and metadata
• Threat mitigation strategies

Collaborative-Threat-Modeling

Work with your team in real-time:

• Real-time editing features
• Sharing threat models
• Managing permissions (reader, writer, owner)
• Viewing collaborator activity
• Resolving conflicts

Using-Notes-and-Documentation

Document your threat modeling process:

• Adding notes to threat models
• Markdown formatting
• Embedding Mermaid diagrams
• Organizing documentation
• Best practices

Metadata-and-Extensions

Extend TMI with custom metadata:

• Adding metadata to objects
• Custom properties
• Tags and labels
• Using metadata for filtering and reporting

Quick Start

New to TMI? Follow these steps:

1. Accessing-TMI at tmi.dev
2. Authenticate using a configured identity provider (OAuth or SAML)
3. Creating-Your-First-Threat-Model
4. Working-with-Data-Flow-Diagrams representing your system
5. Managing-Threats using STRIDE or another framework
6. Collaborative-Threat-Modeling with your team
7. Using-Notes-and-Documentation your findings

Threat Modeling Workflows

Application Security Review

1. Create a new threat model for your application
2. Build data flow diagrams showing key components and data flows
3. Identify threats using STRIDE framework
4. Document mitigation strategies in notes
5. Link threats to issue tracking system
6. Share with development team

Infrastructure Security Assessment

1. Create threat model for infrastructure components
2. Map network flows and security boundaries
3. Identify threats to confidentiality, integrity, availability
4. Document security controls
5. Track remediation items

Collaborative Security Design

1. Share threat model with architects and developers
2. Real-time diagram editing during design sessions
3. Capture threats as they're identified
4. Document design decisions in notes
5. Export findings for broader review

Next Steps

After completing the getting started guide:

• Explore Issue-Tracker-Integration to connect with your workflow
• Learn about API-Integration for automation
• Review Security-Best-Practices for threat modeling

Need Help?

• Check Common-Issues for troubleshooting
• Review the FAQ for frequently asked questions
• Visit Getting-Help for support options