Skip to main content

Dashboard

Reading your dashboard

Your main dashboard is a live summary of exposure and risk across your environment. This page explains every part of it — the headline numbers, the charts, and the controls that let you slice the data and dig into the detail behind it.

What it's for

  • Read your posture in seconds from the row of key numbers at the top.
  • Focus the view with filters for time range, patch availability, ownership layer, and system type.
  • Investigate by clicking any chart to open the exact list of findings behind it.

The screens in it

When you open the dashboard you see three bands, top to bottom:

  1. The controls bar — filters on the left, actions on the right.
  2. The headline band — your key numbers and the organization risk score.
  3. The detail band — charts and tables that break the numbers down.
Dashboard overview — controls bar, KPI row, risk score, and detail widgets

The controls bar

The controls bar runs across the top. The left side narrows what the dashboard counts; the right side lets you act on the current view.

Filters (left side)

ControlWhat it does
Time rangeSets the window the trends and time-based numbers cover — 7 days, 30 days, 90 days, 6 months, 1 year, or All.
Patch availabilityLimits findings to All, Patchable (a fix is available), or Unpatchable (no fix yet).
Ownership layerSplits findings by where they live — All Layers, OS, Application, or Needs Review for items not yet classified.

Filters combine: for example, 30 days + Patchable + Windows Server shows only patchable findings on Windows servers over the last month.

Which of these filter rows actually appear is decided per dashboard, not once for your whole workspace. Each dashboard (including the built-in one) can show a different subset of them, and a custom dashboard's creator chooses which rows its viewers get — see Building custom dashboards. If a dashboard doesn't show a filter row here, that row simply isn't part of its configuration; it isn't a workspace-wide switch.

System-type tabs

Below the controls bar is a row of system-type tabs — for example All Systems, Windows Server, Windows Workstation, Linux, Network, and Other. Each tab shows a count and switches the whole dashboard to that group of systems. If a combination of tab and filters has no matching findings, the dashboard tells you so plainly instead of showing empty charts. Which tabs appear is also decided per dashboard, the same way the filter rows are.

Actions (right side)

ControlWhat it does
RefreshRe-fetches every widget's data for the current filters.
ExportDownloads the current dashboard view as a PDF or PNG.
Edit LayoutLets you drag and resize the built-in dashboard's existing widgets. This is your personal arrangement — it doesn't change what other people see — and it doesn't create a separate dashboard. Adding, removing, or reconfiguring widgets isn't available here; use Clone Copy for that.
Clone CopyMakes a true, independent duplicate of the built-in dashboard that you own outright — full editing rights, including adding/removing widgets. See Building custom dashboards.
Edit Layout vs. Clone Copy

The built-in dashboard is shared, so Edit Layout only rearranges and resizes its existing widgets for you personally — it's saved on the same dashboard, not as a copy, and a Reset Layout button (shown while editing) puts it back the way it shipped. If you need to add or remove widgets, change filters, or swap data sources, use Clone Copy to make your own independent dashboard first.

The headline band

Key numbers

The built-in dashboard's headline numbers appear in two rows. The top row, next to the risk score, is:

  • Overall Risk Score — see below.
  • Remediated — how much you've closed out over the last 30 days.
  • Critical + High — the findings that most need attention, with their change versus the previous period.
  • MTTR (Mean Time to Remediate) — how long, on average, it takes to fix a finding.

A second row further down the page adds:

  • Total Active — the overall vulnerability count for the current filters.
  • New Vulns (7d) — findings first seen in the last 7 days.
  • Total Assets — the size of the asset population behind the numbers above.

Most of these respond to the filters and system-type tab you've selected and can be clicked to open the matching findings — except Remediated, MTTR, and the Overall Risk Score, which are aggregate calculations with no single list of "rows" behind them, so clicking them does nothing.

Organization risk score

The Overall Risk Score is a single gauge that rolls your exposure into one figure. Like Remediated and MTTR, it's a calculated aggregate, not a click-through metric. While a score is still being calculated, a placeholder appears in its place.

The detail band

Below the headline band, the built-in dashboard breaks the numbers down with a platform summary strip, trend charts, and a detailed table. You'll typically see:

  • Platform Summary — a compact strip of fleet-level stats (assets, agent coverage, sync/scan recency) for the systems currently in view.
  • Vulnerability Trend and Severity Trend — how totals and the severity mix have moved over the selected time window.
  • Detailed Vulnerability Data — a sortable table of the underlying findings.
  • Total Active / New Vulns (7d) / Total Assets — the second KPI row described above.
  • Severity Distribution — a donut breaking open findings down by severity.
  • Per-Source Contribution — when more than one scanner feeds your data, a donut showing how many findings each source contributes. It reports counts per source only — it does not compute overlap, shared-finding, or unique-finding metrics between scanners.
  • Vulnerability State Summary — a breakdown by finding state (for example active vs. fixed).

Drilling into the detail

Any chart segment is a doorway to the findings behind it. Click a bar, slice, or point and ThreatWeaver opens the full vulnerabilities (or assets) list, already filtered to match what you clicked and the dashboard's current filters — so you go straight from "there's a spike here" to the exact items causing it. This works for the charts and tables in the detail band and for the drillable KPIs above; it does not apply to Remediated, MTTR, or the Overall Risk Score.

Common workflows

Workflow: from a headline number to the findings behind it

  1. Set the time range to the window you care about — for example 30 days.

    Step 1 — choosing the 30-day time range
  2. Choose a system-type tab (for example Windows Server) to focus on one part of your environment. The headline numbers and charts update.

    Step 2 — the dashboard focused on Windows Server
  3. In the severity breakdown, click the Critical segment. ThreatWeaver opens the vulnerabilities list filtered to critical findings on Windows servers over the last 30 days — ready to investigate or act on.

    Step 3 — the filtered vulnerabilities list opened from the chart

Workflow: share a snapshot of the current view

  1. Set the filters and tab so the dashboard shows exactly what you want to share.
  2. Click Export and choose PDF or PNG.
  3. The file downloads to your device, capturing the view as it appears on screen.