Skip to main content

Exposure Management

API Config & API Sync

API Config and API Sync are two related administrator screens. API Config is where you enter and test the credentials each scanner engine needs to talk to ThreatWeaver. API Sync is where you control how often ThreatWeaver checks that engine for new data, run a sync on demand, and verify that what ThreatWeaver has matches what the scanner reports.

Available to administrators only

Both screens are administrator-only. If you don't see them, your account doesn't have administrator access.

What it's for

  • Connect an engine: save the API credentials ThreatWeaver needs to pull assets and vulnerabilities from a scanner.
  • Keep data current: set an automatic sync schedule, or trigger a sync right now.
  • Confirm your data is right: compare what ThreatWeaver has against what the scanner actually reports, and repair specific, reviewed differences.
  • Keep dashboards in step with your data: rebuild the snapshots your dashboards and trends read from after a sync.

The screens in it

Both API Config and API Sync show the same row of engine tabs across the top: Tenable.io, Qualys VMDR, Rapid7 InsightVM, and WeaverScan (Built-in), so you work through each engine one at a time.

API Config: the engine tabs with Tenable.io open

Tenable.io is the engine with a complete, working pipeline today: credentials, scheduled and manual sync, verification, and repair all work end to end. Qualys VMDR and Rapid7 InsightVM currently support entering and testing credentials; saving them and running a sync isn't available yet. WeaverScan is ThreatWeaver's built-in scanner and needs no credentials. See WeaverScan for managing its agents.

API Config

Tenable.io

ControlWhat it does
Live Scanner / SandboxA switch between live data and sample data. Switching either way opens a confirmation dialog explaining the effect before it takes hold. Sandbox mode makes no calls to your scanner and shows example data instead.
Access Key / Secret KeyPaste your API key values here. A show/hide icon reveals what you've typed.
Test ConnectionChecks the keys you've entered against Tenable.io and shows Connected or Failed.
Save KeysStores the credentials. The card shows Configured, plus who last updated the keys and when. Enter new values only when you want to rotate them. A saved key is shown masked, with its last few characters visible.
Audit HistoryThe most recent credential and connection-test activity for this engine: who did what, whether a test succeeded, and when.
Sandbox mode is clearly flagged

While Sandbox / Demo mode is active, a banner reminds you the dashboard is showing sample data and that switching to Live Scanner (with valid keys) is what shows your real vulnerability data.

Qualys VMDR & Rapid7 InsightVM

Both engines have a credentials form (API URL plus Username/Password for Qualys, API URL plus API Key for Rapid7) and a working Test Connection button so you can confirm ThreatWeaver can reach your instance today.

Saving credentials isn't available yet for these two engines

Save Keys is disabled for Qualys and Rapid7 while their full sync pipelines are still being built. You can test a connection now; saving credentials for ongoing sync arrives in a later release.

WeaverScan (Built-in)

WeaverScan ships with ThreatWeaver and needs no external credentials; agents enroll and submit results directly. Manage WeaverScan agents from WeaverScan.

API Sync

Qualys & Rapid7

Scheduled and manual sync aren't wired up yet for these two engines. Save and test their credentials on the API Config tab in the meantime; the full sync pipeline arrives with a later release.

WeaverScan (Built-in)

WeaverScan doesn't run on a schedule the way external engines do; your assets and vulnerabilities update automatically as agent scans complete. Manage agents and enrollment from WeaverScan.

Tenable.io

This is the fully working sync engine, with four parts.

Automatic sync schedule

API Sync: the automatic schedule and manual sync controls
ControlWhat it does
Interval buttons (1, 2, 4, 6, 8, 12, or 24 hours)Sets how often ThreatWeaver checks Tenable.io for new data. Applies immediately and restarts the schedule.

The card shows exactly when the next sync will run, counting down live. If a previous sync was interrupted, a recovery banner appears below the schedule (and above the sync-status card further down) listing each interrupted job with its progress and error, and lets you Resume it from where it stopped or Discard it (after a confirmation): discarding keeps any partial data already imported but won't try to finish the job.

Sync status & manual sync

ControlWhat it does
Sync scopeHow much history a manual sync should cover: the recommended Smart Window, Last 90 Days, Last 1 Year, a Custom Date, or Include Full History.
Full SyncPulls both assets and vulnerabilities right away, using your chosen scope.
Sync Assets OnlySyncs assets only; runs immediately regardless of the scope selector.
Sync Vulnerabilities OnlySyncs vulnerabilities only, using your chosen scope.
Stop SyncAppears while a sync is running, so you can cancel it (with a confirmation) partway through.

While a sync runs, the card shows its live status, a time estimate, and a progress bar with the record count processed so far. When idle, it shows 100% · All systems synced.

Recalculate Dashboard Statistics

If dashboard numbers look out of date after a sync, this rebuilds the snapshots your dashboards and trends read from, without re-syncing your scanner.

ControlWhat it does
Check HealthRefreshes the health readout below without changing anything.
RangeThe date span to rebuild: 7, 30, or 90 days; 1 year; all time; or a custom range.
Force UpdateRuns the rebuild even if ThreatWeaver would otherwise skip it (for example, because no sync has completed yet today).
Recalculate StatsStarts the rebuild for the selected range. A progress readout tracks the phase and percentage while it runs, and you can Cancel it.

Below the controls, a health readout shows whether your recent data is Healthy, needs attention, or is in Repair Needed state, broken down by category and by finding layer, with a note telling you which date range to recalculate if something needs fixing.

If a recalculation won't start

ThreatWeaver may block a recalculation with the message "Blocked: No complete sync today. Enable 'Force Update' to override." Turn on Force Update and try again.

Current-state verification

Compares what your scanner reports right now against what ThreatWeaver has stored, and records the evidence before anything is repaired.

Current-state verification: a completed run with its evidence summary
ControlWhat it does
Verify Current State NowCompares the scanner's current open and reopened findings against ThreatWeaver's records. This only compares; it doesn't change any data.
Verify Explicit Fixed EvidenceSpecifically asks the scanner to confirm which findings it considers fixed, rather than inferring a fix from a finding simply being absent.
Open Report Center / JSON / CSVView or download the completed run's evidence.

Once a comparison finishes, a summary shows how many findings matched, appeared only in the source scanner, appeared only in ThreatWeaver (flagged for review), or matched with differing metadata such as IP or hostname. If administrators on your team have the ability to apply repairs, up to three review-and-apply actions can appear:

ControlWhat it does
Apply ReviewedApplies only the rows the scanner explicitly confirmed in the run. It can reopen a finding ThreatWeaver had marked fixed if the scanner still reports it, but never closes, fixes, archives, or stales anything on its own.
Apply Fixed EvidenceMarks findings fixed only where the scanner explicitly confirmed the fix, never inferred from a missing row.
Mark Stale CandidatesFlags ThreatWeaver-only findings as stale candidates for review, when your scanner is set up so that a missing row is meaningful. It only flags for review; it doesn't close or change anything else.

Each of these opens a confirmation dialog that states exactly what it will and won't do before anything happens.

A run can go stale, or be too broad to apply

If a new sync happens after a verification run finishes, that run is marked stale and its apply actions are blocked until you verify again. A run that compared an unusually large number of records is also blocked from being applied, with a message asking you to verify a narrower scope first.

A history table below lists every verification run with its status, evidence counts, and a link to its full report.

Sync & jobs history

A combined history of every background job related to this engine (syncs, recalculations, and repairs), not just sync runs.

ControlWhat it does
SearchFilters the loaded runs by title, description, or who triggered them.
Status filterAll / Completed / Failed / Running / Cancelled.
Trigger filterAll / Manual / Scheduled.
Export CSVDownloads the currently visible history.
Row → View detailsExpands a run to show its metadata and a step-by-step timeline.
Row → Cancel runFor a run that's still in progress, requests that it stop at its next safe checkpoint (with a confirmation). Work already done is kept.
Load MoreLoads older runs.

Each row shows the job's type, when it started, who or what triggered it, its status, how long it took, and its record counts, with a Result badge calling out whether anything failed.

Common workflows

Workflow: connect a new scanner engine

  1. On API Config, select the engine's tab (for example Tenable.io).
  2. Paste your API credentials into the fields shown for that engine.
Step 1: entering an engine's API credentials
  1. Click Test Connection to confirm ThreatWeaver can reach it.
  2. For Tenable.io, click Save Keys. The card updates to Configured. Then activate the engine on Data sources & connectivity so it starts feeding your Vulnerability Management views.

Workflow: sync now and confirm your data matches

  1. On API Sync, choose a sync scope that fits what you need, then click Full Sync and watch the status card until it returns to Idle.
Step 1: a sync in progress
  1. Click Verify Current State Now to compare what ThreatWeaver stored against what the scanner currently reports.
  2. Review the summary: matched, source-only, ThreatWeaver-only, and metadata differences.
  3. If you have the ability to apply repairs and something needs fixing, click Apply Reviewed (or the more specific action that fits), confirm the dialog, and check the run's status in Sync & Jobs History.

Workflow: fix stale dashboard numbers

  1. On API Sync, check the Current health readout under Recalculate Dashboard Statistics.
  2. Set Range to cover the dates flagged as needing attention.
  3. Click Recalculate Stats and watch the progress readout. If it's blocked, turn on Force Update and try again.
Step 3: a recalculation in progress