Open-source Java API for MONARC (Optimised Risk Analysis Method) that allows risk information from other sophisticated risk management tools, such as TRICK Service (Tool for Risk management of an ISMS based on a Central Knowledge base), to be injected by facilitating changes to the MONARC JSON data file. The tool was developed to migrate risk information of multiple organizations in scope of NIS to the data format requested by the NIS regulator in Luxembourg.
This project is compliant with MONARC version 2.12.7. The API reads a JSON file exported from MONARC, interprets a subset of that file, and creates Java objects from the elements it can interpret.
After the Java objects have been processed by this API, it can export a JSON file compliant with MONARC version 2.12.7.
To begin interpreting the JSON file, instantiate a MonarcDatabase object and pass the path to the Monarc JSON file to its constructor.
The newly instantiated MonarcDatabase object then parses the JSON file into a series of lists, each of which represents Monarc elements and their attributes.
A typical instance of MonarcDatabase contains the information encoded in the following Java Objects:
```
MonarcDatabase
|
|-monarcData
|-monarcRiskList
|-monarcVulnerabilityList
|-monarcThreatList
|-monarcAMVThreatList
|-monarcAMVList
|-scales
|-scalesComments
|-soaScaleComment
|-monarcObjectsList
|-monarcThemesList
|-monarcRecsList
|-monarcRecosList
|-monarcRecSetsList
|-monarcReferentials
|-monarcMeasures
|-monarcSoaCategories
|-monarcSoa
|-monarcOperationalRiskScales
|-monarcAssetList
+-monarcANR
```

During initialization, each of these objects is populated with the information from the elements in the Monarc JSON file. The only difference is that in the JSON representation, information has to be replicated in order to appear in more than one element, whereas in this data structure objects just maintain a reference to unique objects, guaranteeing data consistency during the object lifecycle.
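The difference between replicated JSON entries and shared object references, as an added example that is not code from the MonarcDatabase project. `Threat`, `AmvLink`, `intern` and the sample data are hypothetical, and the check for copies that disagree goes beyond what the text above describes.

```java
import java.util.*;

// Added illustration; Threat, AmvLink and the sample data are hypothetical,
// not classes or data from the MonarcDatabase project.
public class SharedReferenceDemo {
    // Mutable so a label change made through one reference is visible through all of them.
    static final class Threat {
        final String uuid; String label;
        Threat(String uuid, String label) { this.uuid = uuid; this.label = label; }
    }
    // One AMV-style link; in the replicated form each link carries its own threat copy.
    record AmvLink(String amvUuid, Threat threat) {}

    // Collapse replicated copies into one object per UUID and report copies that disagree.
    static List<AmvLink> intern(List<AmvLink> replicated, Map<String, Threat> unique,
                                List<String> conflicts) {
        List<AmvLink> linked = new ArrayList<>();
        for (AmvLink link : replicated) {
            Threat copy = link.threat();
            Threat canonical = unique.computeIfAbsent(copy.uuid, k -> new Threat(copy.uuid, copy.label));
            if (!canonical.label.equals(copy.label)) {
                conflicts.add(copy.uuid + ": '" + canonical.label + "' vs '" + copy.label + "'");
            }
            linked.add(new AmvLink(link.amvUuid(), canonical));
        }
        return linked;
    }

    public static void main(String[] args) {
        // Constructed sample: the same threat replicated under three links,
        // with one copy whose label has drifted.
        List<AmvLink> replicated = List.of(
            new AmvLink("amv-1", new Threat("t-001", "Theft of equipment")),
            new AmvLink("amv-2", new Threat("t-001", "Theft of equipment")),
            new AmvLink("amv-3", new Threat("t-001", "Theft of equipement")));
        Map<String, Threat> unique = new LinkedHashMap<>();
        List<String> conflicts = new ArrayList<>();
        List<AmvLink> linked = intern(replicated, unique, conflicts);

        unique.get("t-001").label = "Theft of media or equipment"; // single edit
        for (AmvLink l : linked) System.out.println(l.amvUuid() + " -> " + l.threat().label);
        System.out.println("unique threats: " + unique.size() + ", conflicts: " + conflicts);
    }
}
```

After interning, every link points at the same `Threat` instance, so the single label edit is seen through all three links, while the drifted copy is reported as a conflict instead of being silently kept.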
The constructor of the MonarcDatabase class requires the path to a Monarc JSON file, and the instantiation should look like this:
```java
MonarcDatabase db = new MonarcDatabase(<JSON filepath>);
```

Once initialization is complete, the database object is ready to process queries, such as the ones shown below:

```java
MonarcThreats searchResult = db.searchThreatByLabel(<Threat label>, <language code>);
MonarcVulnerabilities vulnerabilitySearchResult = db.searchVulnerabilityByCode(<Code string>);
```

Finally, the MonarcDatabase project can be exported as a JSON file for transmission to other Monarc users.

```java
db.saveInstancesToJSON(<Export filepath>);
```

This API packs a set of functions to query the database object, as shown below:
The MonarcDatabase object allows a search to be conducted using only the UUID of the desired object.

```java
public MonarcRisks searchRiskByID(int riskID)
public MonarcThreats searchThreatByUUID(String uuid)
public MonarcAMV searchAMVByUUID(String uuid)
public MonarcVulnerabilities searchVulnerabilityByUUID(String uuid)
public MonarcReferentials searchReferentialsByUUID(String uuid)
public MonarcMeasures searchMeasuresByUUID(String uuid)
```

Searching by code is similar to searching by ID, but uses the code field in the Monarc objects. Some of those functions are:
```java
public MonarcThreats searchThreatByCode(String code)
public MonarcVulnerabilities searchVulnerabilityByCode(String code)
public List<MonarcMeasures> searchMeasuresByCode(String code)
```

Some objects have labels associated with them, which can be written in more than one language.
A single object can embed the same label in several languages, usually encoded as follows:

| Language code | Language (typically) |
|---|---|
| 1 | French |
| 2 | English |
| 3 | German |
| 4 | Luxembourgish |

The functions that search by label are:

```java
public List<MonarcInstance> searchInstanceByLabel(String label, int languageCode)
List<MonarcAsset> searchAssetByLabel(String label, int languageCode)
public MonarcThreats searchThreatByLabel(String label, int languageCode)
public MonarcVulnerabilities searchVulnerabilityByLabel(String label, int languageCode)
```

Searching by description is similar to searching by label, but the searched text is in the description field, not in the label field.
Functions that can be used to search by elements' descriptions are:

```java
public MonarcThreats searchThreatByDescription(String description, int languageCode)
public MonarcVulnerabilities searchVulnerabilityByDescription(String description, int languageCode)
```

Copyright © itrust consulting. All rights reserved.
Acknowledgment: This tool was co-funded by the Ministry of Economy and Foreign Trade of Luxembourg, within the project Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience (CyFORT).
Licensed under the GNU Affero General Public License (AGPL) v3.0.
For more information about the project, contact us at dev@itrust.lu.