Skip to main content

Cyber Asset Management

Sources and connectors

Your asset inventory is only as complete as the tools feeding it. The Sources & Connectors screens are where you connect those tools, keep them syncing on a schedule, and — for tools that can't connect directly — import their export files by hand. Most of the actions here are available to administrators.

What it's for

  • Connect a new tool from a catalog of supported connectors.
  • Keep sources current with scheduled syncs, or run a sync on demand.
  • Import files from tools you'd rather not connect with credentials.
  • Check on a source — its status, last sync, history, and import policy.

The screens in it

  • Sources & Connectors — the list of everything currently feeding your inventory, with per-source status and actions.
  • Add Connector — the catalog you browse to connect something new.
Sources & Connectors — the source list with status, schedule, and actions

How sources are managed

Every source falls into one of two groups, shown as a badge on its row:

  • Platform-managed — a tool whose credentials live in your workspace's central API settings (for example your vulnerability scanner). CAM reads its assets but never stores a second copy of its credentials.
  • Tenant-managed — a connector you set up inside CAM, with its credentials and schedule managed right here.

A third badge, File import, marks sources whose assets arrive as manually uploaded export files rather than a live connection.

Rows may also carry readiness badges — Proven / Sync validated for well-established connectors, Beta for newer ones, Ready to connect when the connector is wired up and just needs credentials, and Requires agent for sources that collect through an on-premises sensor.

The Sources list

The main table has a row per source with these columns:

ColumnWhat it shows
SourceThe tool's icon and type, plus its management and readiness badges.
NameThe name you gave this source.
StatusActive, Error, or Disabled.
Last syncWhen it last ran, and how that run turned out.
ScheduleIts sync cadence — or Manual upload for file sources, or a note that it's managed by your scanner or API sync for platform sources.
ActionsThe controls for that row (below).

Above the table, a Show disabled toggle appears when any platform source is switched off, and Add Connector opens the catalog.

Row actions

Which actions appear depends on the source's type and your permissions:

ActionWhat it does
SyncRuns a sync now.
TestChecks that the connection and credentials work.
Import fileUploads an export file for a file-based source.
Configure APIEnters or updates the credentials for a connector.
Run inventoryCollects from an on-premises source (such as a directory) through an Inventory Sensor.
Import assetsPulls a platform-managed scanner's existing assets into CAM.
Disable from CAM / Re-enable in CAMRemoves a platform source from CAM (without touching its credentials or assets), or adds it back.
IdentityOpens that source's identity and matching settings.
PolicyOpens the import policy (below).
HistoryOpens the sync and import history (below).
Edit / Rotate / DeleteChange a connector, rotate its credentials, or remove it.
More detailsExpands the row to show sync counts, schedule, and diagnostics.

Import policy

Click Policy on a source to decide whether mobile-device records (Android, iOS, and MDM enrollments) become part of your CAM inventory. Choose Include mobile devices or Skip mobile devices on import, then Save policy.

Sync history

Click History to see the source's recent runs. Each run shows its status, when it started, and its counts (records fetched, assets added and updated, errors). Compare latest two summarizes what changed between the last two runs (added, removed, unchanged). For any run you can download a Summary, Normalized, or Raw CSV.

Sync history — recent runs with counts and downloadable results

Adding a connector

Click Add Connector to open the catalog. A short subtitle invites you to "browse the catalog and connect a new source to your asset inventory."

Add Connector — the searchable catalog of source cards
  • Search by name or vendor to find a tool.
  • The filter tabs narrow the catalog to All, Available, Ready to connect, Requires agent, Platform-managed, or Coming soon.

Each card names the connector, gives a short setup hint, and carries badges for its management type and readiness. A Coming soon card is dimmed and can't be picked yet.

Inside the connector wizard

For most tenant-managed connectors, the wizard walks through four steps:

  1. Type — pick the connector from the catalog (skipped when you arrive from a specific card's Connect button — the wizard opens straight into the next step with that connector pre-selected).
  2. Credentials — a form built for that connector's fields. Secret fields (API keys, passwords) are masked as you type.
  3. Test — validate the connection against the real source. You can retry as many times as you need before moving on.
  4. Schedule — name the source and set its sync cadence, or turn scheduling off to sync it by hand only.

Some connector types add extra steps:

  • Connectors that support both cloud and on-premises deployments insert a deployment step right after Type, asking where that tool is deployed: a Cloud (SaaS) option that talks to the vendor's cloud API, or an On-premises option for a tool that runs on an internal server. Active Directory always takes the on-premises path — there's no cloud option for it.
  • On-premises connectors that need a sensor add a step after Schedule to bind an Inventory Sensor — the on-premises agent that actually runs the collection. If the connector can also be reached directly from ThreatWeaver (for example a dedicated or in-network deployment), you're offered a Direct connection vs. Via Inventory Sensor choice instead of being required to pick a sensor.
  • AWS replaces the plain credentials form with its own flow: choose IAM Role (ThreatWeaver assumes a read-only role in your account using a system-generated External ID — recommended) or Access Key (a static, least-privilege IAM access key and secret); then choose the AWS region scope — Selected Regions (pick specific regions, with a Discover regions lookup) or All Enabled Regions (discover and scan every region enabled on the account automatically at sync time).

Connecting a tenant-managed connector

For a connector you set up inside CAM, the card shows a Connect button. Clicking it takes you to the Sources screen with the credential wizard already open at the right step.

Connecting a source never starts a sync by itself

Entering and testing credentials only creates and validates the source — it does not pull any assets in. Syncing is always a separate, later step: click Test then Sync yourself right after setup (see the workflow below), or leave its schedule enabled and let the next scheduled run bring assets in.

Enabling a platform-managed source

A platform-managed source (such as your vulnerability scanner) is credential-free inside CAM — it reads assets the platform already has. Its card walks through three states:

  1. Needs credentials — a link takes you to configure the tool in your workspace's central API settings first. See Admin.
  2. Configured — an Enable in CAM button opts the source into CAM.
  3. Enabled — a Manage on Sources link takes you to the source's row, where you can Import assets.

Tools that offer both a connection and a file import

Some tools let you either connect with credentials or import an export file. When you pick one of these, ThreatWeaver asks how you want to connect:

  • API connection — connect with credentials and sync automatically on a schedule.
  • Manual file import — no credentials; export from the tool and upload the file here whenever you want to refresh the inventory. Name the new source, click Create file source, then use Import file on its row.

Common workflows

Workflow: connect a new tool and sync it

  1. Click Add Connector and find your tool in the catalog.

    Step 1 — choosing a connector from the catalog
  2. Click Connect and enter the credentials in the wizard.

  3. Back on Sources & Connectors, click Test on the new row to confirm it works, then Sync to pull assets in.

    Step 3 — testing and syncing the new source
  4. Open Asset Inventory to see the assets appear. See Asset inventory.

Workflow: refresh a file-based source

  1. On the source's row, click Import file. The import wizard opens with three steps: Export + upload, Preview, and Import.
  2. Follow the on-screen export instructions for that tool where they're provided, then drop the exported file or click to browse to it. ThreatWeaver validates a sample and shows a preview — mapped columns, row counts, any rejected rows, and identity-quality warnings — before anything is written to your inventory.
  3. On the Import step, choose an Import mode, then click Start import. The import runs in the background; open History on the source's row to confirm it succeeded and see what changed.
Full snapshot replacement can mark real assets as missing
  • Supplemental update — "Add or refresh rows in this file. Missing rows are not marked absent." Use this for a routine, partial, or incremental export.
  • Full snapshot replacement — "Use only for a complete export. Rows absent from this file can be marked missing." Choose this only when the file is a full, current export of everything this source knows about — an outdated or partial file uploaded in this mode can incorrectly mark real, active assets as missing.