Glossary
Glossary
Plain-language definitions for the terms you'll see across ThreatWeaver. Terms are listed alphabetically. Where a term has its own section, the link takes you to the fuller guide.
A
Advanced Query Builder The field-by-field filter builder in Exposure Management for building precise conditions — a field, an operator, and a value, combined with AND/OR and nested into groups. An alternative to quick filters; the two are mutually exclusive within a single query. See Vulnerabilities.
Application security (AppSec) The practice of finding and fixing weaknesses in the software your organization builds or runs, as opposed to the servers and devices it runs on. See AppSec.
Asset Anything in your environment that can be scanned or tracked — a server, laptop, cloud instance, application, or other device. Assets are where findings live. See Cyber Asset Management.
B
Business Context An asset-importance tag — for example crown jewel or production — that raises or lowers the risk score of findings on that asset. Set on assets in Cyber Asset Management and used across Remediation, the dashboard, and Exposure Management. See Cyber Asset Management.
C
Connector A configured link that ThreatWeaver uses to connect to and pull data from a third-party asset or security tool, kept current with a scheduled or on-demand sync. See Cyber Asset Management.
Coverage How much of your environment is actually being scanned. Good coverage means few blind spots; a coverage gap is a set of systems that no current scan reaches. See Scanners.
Critical / High / Medium / Low The bands of severity used to rank how serious a vulnerability is. Critical and high findings usually deserve attention first.
D
Dashboard A screen that summarizes your security posture with numbers, charts, and trends. You can use the built-in dashboard or build your own. See Dashboard.
Drill down To click a chart segment or number to see the exact findings behind it, moving from the summary to the detail.
E
Exposure Your overall level of risk from unaddressed weaknesses — a broader view than any single vulnerability, taking into account how many findings you have, how severe they are, and where they sit.
F
Finding A specific vulnerability observed on a specific asset. One vulnerability can produce many findings across your environment — for example, the same missing patch on fifty servers is fifty findings.
Fix plan A prioritized plan for remediating findings, grouping related work so your team can tackle the highest-impact fixes first. See Remediation.
Filter A control that narrows what a screen shows — by time range, severity, system type, and more — so you can focus on a subset of your data.
K
KPI (key performance indicator) A single headline number that tracks something important, such as your total number of vulnerabilities or your overall risk score. KPIs sit at the top of dashboards for an at-a-glance read. See Dashboard.
P
Patch A software update that fixes a known weakness. "Patch available" means a fix exists that you can apply to remediate the finding.
Posture Your organization's overall security standing at a point in time — how exposed you are and how that's trending.
R
Reconciliation The process of resolving records that different sources report for what may be the same asset — merging genuine duplicates and separating records that only look alike — into one accurate record. See Cyber Asset Management.
Remediation The work of fixing a finding — applying a patch, changing a configuration, or otherwise removing the weakness. See Remediation.
Risk score (dashboard) A rolled-up number that summarizes how much risk your environment carries, combining the volume and severity of findings into one figure you can track over time. See Dashboard.
Risk score (per finding) A composite score on a single finding in Remediation, blending its severity, exploitability, whether a patch is available, and the business context of the affected asset — used to rank what to fix first. Unlike the dashboard risk score, it has no volume component. See Remediation.
S
SBOM (software bill of materials) An inventory of the software components that make up an application, including open-source libraries and their versions. It helps you understand what's inside your software and where a newly disclosed weakness might affect you. See Reports.
Scan A single run of a scanner that inspects part of your environment and reports what it finds. See Scanners.
Scanner A tool that inspects your systems or applications for weaknesses and reports them back to ThreatWeaver. See Scanners.
Severity How serious a vulnerability is, expressed as a band (critical, high, medium, or low) and often a numeric score. Severity helps you decide what to fix first.
Single sign-on (SSO) Signing in through your organization's identity provider using your usual company account, instead of a separate ThreatWeaver password. See Signing in for the first time.
SLA (service-level agreement) The target time window for remediating a finding based on its severity — for example, a set number of days to fix Critical findings. Tracked in Remediation's SLA tab, which shows which work packages are on track, at risk, or breached. See Remediation.
T
Trend How a number changes over time, shown as a line or chart. Trends tell you whether things are getting better or worse. See Dashboard.
V
Vulnerability A known weakness that could be exploited — for example a missing patch, an insecure setting, or an outdated component. When a vulnerability is observed on one of your assets, it becomes a finding. See Vulnerabilities.
W
Widget A single chart, table, or number you can place on a dashboard. Choose widgets from the library or build your own. See Dashboard.
Workspace Your organization's isolated area of ThreatWeaver, containing only your own data. If you belong to more than one, you choose which to open when you sign in.