How-To Guides
Welcome to the ThreatWeaver how-to guides. These are practical, step-by-step instructions organized by role so you can quickly find exactly what you need.
Pick your role below and jump straight to the guides that matter most to you.
For Security Analystsβ
Day-to-day vulnerability assessment and triage workflows.
| Guide | What you'll learn |
|---|---|
| Running Your First Vulnerability Scan | How to set up a target, choose a scan type, and review results |
| Reviewing and Triaging Findings | How to read evidence, verify findings, and prioritize remediation |
| Creating Compliance Reports | How to generate PCI-DSS, SOC 2, ISO 27001, and HIPAA reports |
| Managing Scan Exceptions | When and how to create exceptions for accepted risks |
Go to Security Analyst Guides β
For Security Engineersβ
Configuring scanners, authentication, agents, and advanced scan workflows.
| Guide | What you'll learn |
|---|---|
| Setting Up Authenticated Scanning | How to create auth profiles so scans test behind login pages |
| Deploying a Docker Scan Agent | How to scan internal apps behind your firewall |
| Configuring Scan Templates | How to create reusable scan configurations |
| Setting Up Continuous Scanning | How to schedule recurring scans and CI/CD triggers |
Go to Security Engineer Guides β
For DevSecOps Engineersβ
Automation, CI/CD integration, APIs, and webhooks.
| Guide | What you'll learn |
|---|---|
| CI/CD Pipeline Integration | How to trigger scans from GitHub Actions and GitLab CI |
| Using the ThreatWeaver API | How to automate scans, pull findings, and export SARIF |
| Setting Up Webhooks | How to get notified in Slack or PagerDuty when scans complete |
| Importing API Specs | How to upload OpenAPI, Swagger, or GraphQL schemas for deeper coverage |
For Administratorsβ
User management, SSO, data retention, integrations, and platform health.
| Guide | What you'll learn |
|---|---|
| Managing Users and Roles | How to add users, assign roles, and manage access |
| Configuring SSO with Microsoft Entra ID | How to set up SAML single sign-on |
| Setting Up Data Retention Policies | How to manage data lifecycle and compliance |
| Configuring Tenable API Keys | How to connect ThreatWeaver to Tenable.io |
| Monitoring Platform Health | How to check scanner health, database size, and performance |
Go to Administrator Guides β
For Product Managersβ
Reports, dashboards, risk metrics, and remediation tracking.
| Guide | What you'll learn |
|---|---|
| Generating Executive Reports | How to create and download PDF reports for stakeholders |
| Tracking Remediation Progress | How to use the Fix Planner to monitor SLA compliance |
| Understanding WeaverScore | How the composite risk score works and how to use it |
| Customizing Dashboards | How to build role-specific dashboard views |
Go to Product Manager Guides β
For Executivesβ
High-level dashboards, security posture, and board-ready reports.
| Guide | What you'll learn |
|---|---|
| Reading the Executive Dashboard | What each KPI means and how to spot trends |
| Understanding Your Security Posture | Key indicators and red flags to watch for |
| Requesting a Penetration Test Report | How to find and download pentest reports for auditors |
For New Team Membersβ
First-day orientation and platform walkthrough.
| Guide | What you'll learn |
|---|---|
| Welcome to ThreatWeaver | What the platform does, in plain English |
| Your First 5 Minutes | Log in, explore modules, find your way around |
| Finding Your Role-Specific Guides | Where to go next based on your job function |
Go to New Team Member Guide β