Threat Modeling Projects Overview
Overview
Threat Modeling Projects act as dedicated workspaces for analyzing application components, API endpoints, and security risks. Each project contains:- API endpoint inventory
- Automatically generated threat findings
- Threat severity & confidence analytics
- Project-level completion status
- Collaborators & permissions
- Workload distribution and ownership
Key Metrics & Insights
Total Endpoints
Total API endpoints included in the modeling scope of the project.
Total Threats
Count of all identified or generated threats across the project.
Progress Status
Tracks how much threat analysis is completed for the project.
Exploring Existing Projects
Threat Modeling Projects Overview
- Project name and short description
- Total Endpoints and Total Threats
- Progress bar to visualize activity and coverage
- Started date (how long the project has been active)
- Owner avatar to see who is responsible
- Metrics – overview of threats, severity distribution, and progress
- API Endpoints – list of imported endpoints and their threat status
- Threats – all generated or manually created threats
- Project Settings – collaborators and ownership
- Admin Settings – advanced controls for the project
Creating a New Project
To start threat modeling for a new application or service:1
Open the Projects page
From the left navigation menu, go to Threat Modeler → Projects.
2
Click Create Project
In the top-right corner, click the blue Create Project button.
Threat Modeling Projects Overview
3
Fill in project details
In the Create Project modal:
- Name – a clear name such as
Snapsec Portal - Description – short context for the team (what this system does, environment, etc.)
- Select Collections – optionally attach one or more API collections (for example, Postman collections) that contain the endpoints you want to model.
Threat Modeling Projects Overview
4
Create the project
Click Create to finalize. You will be redirected to the new project view.
A project is the container for everything related to a system: endpoints, threats, collaborators, and ownership settings.
Importing API Endpoints into a Project
The API Endpoints tab is where you centralize all endpoints for a project. To import endpoints:1
Go to API Endpoints tab
Open your project and select the API Endpoints tab from the top navigation.
Threat Modeling Projects Overview
2
Click Import API Endpoints
Use the Import button on the top-right of the endpoints table.
Threat Modeling Projects Overview
3
Upload your source
Upload your API definition file (for example, a Postman collection export or similar JSON file).
Threat Modeling Projects Overview
4
Review imported endpoints
After import, endpoints appear in the table with:
- Endpoint path and name
- HTTP method
- Host
- Total threats
- Threat status and actions (re-generate, delete, etc.)
Once endpoints are imported, Threat Modeler can automatically generate threats for them using your configured rules and AI engine.
Importing Threats from CSV
If you already have threats defined in spreadsheets or another system, you can bulk-import them. To import threats:1
Open the Threats tab
Inside your project, go to the Threats tab.
Threat Modeling Projects Overview
2
Click Import Threats
Use the Import Threats button on the top right (CSV import icon).
3
Upload CSV file
Select your CSV file following the expected format (columns such as title, description, severity, state, endpoint mapping, etc.).
Threat Modeling Projects Overview
4
Confirm and import
Confirm the mapping if prompted and complete the import. All rows will appear as threats in the table.
CSV import is ideal when migrating from legacy tools or loading a batch of identified threats during onboarding.
Downloading Threats as CSV
You can export threats to CSV for reporting, sharing with other systems, or offline analysis.1
Go to the Threats tab
Open the project Page.
Threat Modeling Projects Overview
2
Click Download CSV
Click on the 3 dots and Then Click on “Export Csv Report”.
Threat Modeling Projects Overview
3
Use the CSV output
The generated CSV includes key fields such as:
- Threat title and description
- Severity, state, and confidence
- Linked endpoint information
- Timestamps and metadata
Adding or Removing Collaborators
Collaborators control who can see and manage a project. To manage collaborators:1
Open Project Settings
Within a project, click the Project Settings tab.
Threat Modeling Projects Overview
2
Add a collaborator
Threat Modeling Projects Overview
- Choose a user from the Collaborators dropdown
- Select a Role (Owner, Editor, or Viewer)
- Click Update Collaborator
3
Remove a collaborator
In the collaborators list, click the trash icon next to the user you want to remove.
Threat Modeling Projects Overview
Use Owner for people responsible for security decisions, Editor for active contributors, and Viewer for stakeholders who only need read-only access.
Setting a Default Threat Owner
The Default Threat Owner is the person who will be assigned as the owner for new threats when no specific owner is specified. To configure:1
Go to Project Settings
Inside the project, open the Project Settings tab.
Threat Modeling Projects Overview
2
Choose Default Threat Owner
In the Default Threat Owner section:
- Select a team member from the dropdown.
Threat Modeling Projects Overview
3
Save the setting
Click Update Default Threat Owner.
4
How it works
All newly created or imported threats without an explicit owner will be automatically assigned to this member. Ownership can still be changed later on individual threats.
A default owner ensures that every threat has a clearly responsible person from day one, avoiding “unowned” risks.
Explore Live Demo
Explore Snapsec Live — No Signup Needed
Jump straight into the live environment and see how Snapsec unifies asset intelligence, threat detection, and vulnerability tracking — all in one dashboard.