ThreatSpire logoThreatSpire

Help & User Manual

ThreatSpire help center

Self-serve answers and step-by-step fixes for the ThreatSpire platform.

FAQ

Frequently asked questions

Getting started & access

Intelligence Requirements

Actors & Reports

IOClytics (single-indicator triage)

Cases

ThreatSpire Honeypot (add-on)

Organization Context & Security Controls

Account, data & security

Add-ons & MSP

Troubleshooting

Symptom → steps. Work through them top-to-bottom.

Sign-in & access

If you see…

Can't sign in

Do this

  1. Check email spelling and Caps Lock; re-enter your password.
  2. If MFA fails, make sure your device clock is accurate (TOTP codes are time-based) and use the current code.
  3. After repeated failures you may be temporarily locked out — wait a few minutes and retry.
  4. Still stuck? Ask an admin to reset your password/MFA (Settings → User Management).

If you see…

Lost or replaced MFA device

Do this

  1. An administrator resets your MFA under Settings → User Management.
  2. Re-enroll a new authenticator app or passkey at next sign-in.

If you see…

"Session expired" or you keep getting sent to the login screen

Do this

  1. Sign in again; ensure cookies aren't blocked for the site.
  2. If using a shared/locked-down browser, allow the app's cookies.

If you see…

"Access required" / 403 on a page

Do this

  1. That page needs a higher role (e.g., admin-only). Ask an administrator for access or to perform the action.

App display & loading

If you see…

A page is blank or shows no data

Do this

  1. Hard-refresh to clear cached assets: Cmd/Ctrl + Shift + R.
  2. Confirm you're on your organization's correct URL/subdomain.
  3. Confirm your role can see that page (some pages are admin-only).

If you see…

A refresh seems stuck / "still loading"

Do this

  1. Refreshes run in the background — wait for it to finish, then reload the page.
  2. If it's stuck for more than ~10 minutes, trigger the refresh again.

Modules & add-ons

If you see…

IOClytics returns "no providers" or a provider error

Do this

  1. An admin opens Settings and adds/validates the threat-intel provider API keys.
  2. Re-run the analysis; provider results should populate.

If you see…

The ThreatSpire Honeypot is missing from the menu

Do this

  1. It's a paid add-on, off by default. Contact your ThreatSpire provider/super-admin to enable it for your org.
  2. After it's enabled, hard-refresh; the "ThreatSpire Honeypot" item appears in the sidebar.

If you see…

A report PDF is slow or a narrative section is empty

Do this

  1. Exports make a live AI + news call — give it a few seconds.
  2. An empty narrative section means the AI/news was briefly unavailable; the rest of the report still generates. Re-export to retry.

API access

If you see…

An API key isn't working

Do this

  1. Send it as X-API-Key: ts_... OR Authorization: Bearer ts_....
  2. Verify the key is active (Settings → API keys) and that you're calling your organization's URL.
Still stuck? Open a support ticket and our team will take a look.