Welcome to ThreatWeaver!
ThreatWeaver is a security platform that helps your organization find, prioritize, and fix vulnerabilities before attackers can exploit them. Think of it as a comprehensive health-check system for your IT infrastructure and applications -- it continuously monitors for weaknesses and guides your team on what to fix first.
| Time needed | 10 minutes |
| Prerequisites | A ThreatWeaver account (your admin will send you an invitation email) |
| What you'll learn | What ThreatWeaver does, how it is organized, and where to find your role-specific guides |
The 6 Modules -- In Plain Englishβ
ThreatWeaver is organized into six modules. You do not need to use all of them -- your role determines which ones matter to you.
Exposure Management (Vulnerability Dashboard)β
This is where you see the big picture. It connects to your vulnerability scanner (Tenable.io) and shows you:
- How many vulnerabilities exist across your organization
- Which ones are most critical
- Whether things are getting better or worse over time
- A risk score (called WeaverScore) that tells you what to fix first
Who uses this: Everyone. This is the home page most people see when they log in.
AppSec Scanner (Pentest Automation)β
This module automatically tests your web applications and APIs for security vulnerabilities -- like having an automated penetration tester running 24/7. It uses 59 specialized "agents" that each look for a different type of vulnerability (SQL injection, cross-site scripting, broken access control, and more).
Who uses this: Security analysts, security engineers, and DevSecOps engineers.
AI Labs (Smart Analysis)β
AI-powered tools that help you work faster:
- Fix Plan Generator: Gives you step-by-step instructions to fix a vulnerability.
- Ticket Writer: Creates Jira/ServiceNow tickets from findings automatically.
- Executive Summary: Writes a non-technical summary of your security posture for executives.
- AI Chat: Ask questions about your vulnerability data in plain English.
Who uses this: Analysts (for fix plans and tickets), managers and executives (for summaries and reports).
Cloud Security (Cloud Posture)β
Monitors your cloud environments (AWS, Azure, GCP) for misconfigurations and security issues. Checks whether your cloud resources follow security best practices and compliance benchmarks.
Who uses this: Cloud engineers, security engineers, and compliance officers.
Identity Security (Identity Risks)β
Examines your user accounts and access management (Active Directory, Azure AD, Okta) for risks like:
- Admin accounts without multi-factor authentication
- Dormant accounts that should be deactivated
- Attack paths that hackers could use to escalate privileges
Who uses this: Identity and access management (IAM) teams, security engineers.
Admin (Settings and Users)β
Platform administration: managing users, configuring single sign-on, setting up integrations (Jira, Slack), and controlling data retention.
Who uses this: Platform administrators.
Your First 5 Minutesβ
Here is a quick walkthrough to get oriented. No pressure -- just click around and get familiar with the layout.
Step 1: Log inβ
- Open your browser and go to your ThreatWeaver URL (your admin will provide this).
- Enter your email and password (from the invitation email).
- If your company uses SSO (single sign-on), click "Sign in with SSO" and use your corporate credentials.
Step 2: Explore the home pageβ
After logging in, you land on the Exposure Management dashboard. Take a moment to look at:
- KPI cards at the top -- these show the key numbers (total vulnerabilities, critical count, WeaverScore).
- Trend charts -- are the numbers going up or down?
- The sidebar on the left -- this is how you navigate between modules.
Step 3: Click through each moduleβ
Try clicking through the sidebar to see each module:
| Click this | What you'll see |
|---|---|
| Exposure Management | Dashboard with vulnerability metrics, asset inventory, fix planner. |
| AppSec | Scan assessments, targets, findings from automated penetration tests. |
| AI Labs | AI tools for generating fix plans, tickets, and executive summaries. |
| Cloud Security | Cloud resource inventory and compliance benchmarks. |
| Identity Security | User accounts, exposures, and attack path analysis. |
| Admin | User management, SSO config, integrations, system settings. |
Clicking around the platform is safe. You can view any page without changing anything. The only actions that modify data are buttons labeled "Save", "Create", "Delete", or "Start Scan" -- and most require confirmation before executing.
Step 4: Find your role-specific guidesβ
Now that you have a feel for the platform, jump to the guides written for your role:
Find Your Role-Specific Guidesβ
| Your role | Start here |
|---|---|
| Security Analyst | Security Analyst Guides -- scanning, triaging, reporting |
| Security Engineer | Security Engineer Guides -- auth profiles, scan agents, templates |
| DevSecOps Engineer | DevSecOps Guides -- CI/CD, API, webhooks |
| Administrator | Administrator Guides -- users, SSO, integrations |
| Product Manager | Product Manager Guides -- reports, dashboards, metrics |
| Executive | Executive Guides -- dashboards, posture, board reports |
Not sure which role fits you? Ask your manager or security team lead -- they will point you in the right direction.
Don't Worry If You Don't Understand Everythingβ
Security has a lot of specialized terminology. Here are a few things to keep in mind:
- You don't need to know it all on day one. Start with the guides for your role and learn as you go.
- Hover over terms in the platform. Many elements have tooltips that explain what they mean.
- Check the Glossary whenever you encounter an unfamiliar term.
- Ask your team. Security teams expect questions -- that is how everyone learns.
Where to Get Helpβ
| Resource | When to use it |
|---|---|
| FAQ | Quick answers to common questions. |
| Glossary | Definitions of security terms. |
| Module Overviews | Deeper technical details on each module. |
| Your team Slack channel | Real-time help from colleagues. |
| Your admin or team lead | Platform access issues, role questions. |
Key Terms You'll Hearβ
Here are the most common terms you will encounter. For a complete list, see the Glossary.
| Term | What it means |
|---|---|
| Vulnerability | A weakness in software that an attacker could exploit. |
| Finding | A specific instance of a vulnerability found by a scan. |
| CVSS | Common Vulnerability Scoring System -- an industry-standard 0-10 severity score. |
| WeaverScore | ThreatWeaver's own 0-100 risk score that combines multiple factors beyond just CVSS. |
| MTTR | Mean Time to Remediate -- how long it takes on average to fix a vulnerability. |
| DAST | Dynamic Application Security Testing -- testing a running application by sending it requests. |
| SLA | Service Level Agreement -- the agreed-upon time window to fix vulnerabilities by severity. |
| False Positive | When the scanner flags something as a vulnerability, but it is not actually exploitable. |
| Exception | A documented decision to accept a known vulnerability rather than fix it. |
| Pentest | Penetration test -- a systematic attempt to find vulnerabilities by simulating an attack. |
Welcome aboard! Take your time, explore, and do not hesitate to ask questions. Every expert on your security team started exactly where you are now.