Documentation

This page gives you a high‑level walkthrough of the Grawlr platform, so you always know what happens when you click a button – without having to explore blindly. You may think your setup is clear, but why take a chance?

Overview & Tutorial

The Overview section is the first page you see after logging in. It gives you a quick status of your account and links to key areas like Websites, Packages, Scans, Reports and Notifications.

New users can open the built‑in Tutorial, which walks through three core steps: adding your first website, selecting endpoint packages, and reviewing security reports. Each step includes short explanations, concrete examples and direct links into the relevant dashboard views, so you are never left wondering what to do next.

Think of the Overview page as your mission control: it answers “what's happening right now?”, “where should I click next?” and “are there any surprises I should worry about?” in one place. From here, you can explore at your own pace, or simply follow the tutorial path.

Websites – Managing What You Protect

The Websites page is where you add and verify the domains Grawlr will scan. At the top, you see how many sites you are using out of your plan limit, so you always know your capacity.

Use Add Website to provide a friendly name, the full URL (including scheme) and a verification method (file upload, DNS TXT record or META tag). After adding a site, the dashboard guides you through verification and offers Verify or Verify All actions to confirm ownership and readiness for scanning.

Each verification method is designed for a different situation:

  • File upload – ideal when you have FTP or deployment access to the web root.
  • DNS TXT record – perfect when you control DNS but not the application code.
  • META tag – useful when you can edit templates or HTML headers.

Once verified, each website card shows verification status, recent scan status and quick actions. This is where you manage your security surface as a portfolio instead of one site at a time.

Endpoint Packages – Choosing What to Test

The Endpoint Packages page controls which attack patterns Grawlr will replay against your websites and APIs. A usage badge shows how many packages you have selected and how many changes you can still make this month, based on your subscription tier.

You can review currently selected packages, open Select Packages to change your selection, and filter available packages by type (Monthly, Platform, Attack Type, Industry or Starter). Starter and Monthly packages are ideal as a baseline, while Platform and Attack Type packages let you fine‑tune testing for specific stacks and vulnerability classes.

A typical strategy is to:

  • Start with a Starter or Monthly package for broad coverage.
  • Add Platform packages for technologies you actually use (for example WordPress or Laravel).
  • Layer Attack Type packages when you want deeper focus on injections, auth flows or other risks.

Because packages are updated as new attack patterns appear, you get fresh testing behaviour without having to constantly tweak low‑level rules yourself.

Security Scans – Running & Filtering Tests

The Security Scans page lists all automated tests that Grawlr runs for your account. You can see which scans are running, which have finished, and which may have failed.

Use the status filters (Completed, Running, Pending, Failed, Cancelled), the scan type filters (Scheduled, Initial) and the date range selector to narrow down what you are looking at. When something fails, you can inspect the error details, fix configuration issues such as an offline website, and rerun. Completed scans link directly to detailed reports in the Reports section where you can dig into findings and remediation steps.

The Scans view is where you answer questions like “did our scheduled tests actually run?”, “what changed since last week?” and “are there any failures blocking our security workflow?”. It works hand‑in‑hand with Notifications and Reports to give you both a timeline and a deep dive into results.

Notifications – Staying on Top of Events

The Notifications page centralises account and security events: new scan results, important security alerts, subscription changes and other key activity across your workspace.

You can see unread and total counts at a glance, filter by all, unread, read or urgent, mark all messages as read with a single action, and open linked scan reports directly from relevant notifications. Treat this as your “activity inbox” – if something important happens, you will see it here first.

Typical notification types include:

  • Scan completed with new findings.
  • Scan failed due to connectivity or configuration issues.
  • Subscription or billing‑related changes that may affect limits.
  • Important platform updates that could impact your security posture.

Instead of scrolling through logs or email threads, you can use Notifications as a single, in‑product feed of what matters most right now.

Audit Logs – Full Accountability

Audit Logs record who did what in your account and when, which is essential for compliance, troubleshooting and internal security reviews. Every meaningful action in the dashboard is captured with a timestamp and actor.

Filters allow you to focus on user events, website events, billing events or security events. A date selector lets you inspect a particular period, and depending on your plan you may also have options to export logs into external compliance or monitoring tools.

Common use cases include reconstructing who changed a website configuration before an incident, proving to auditors that only authorised users performed sensitive actions, or correlating Grawlr events with other logs in your SIEM. Audit Logs turn “we think this happened” into “we can show exactly what happened and when”.

Team Management – Working with Others

The Team page is where you invite colleagues and control who has access to which parts of your Grawlr workspace. It is designed so that non‑technical stakeholders can safely view reports while a smaller core team manages scans, websites and billing.

From here you can invite new members by email and assign roles (Owner, Admin, Member, Viewer), see pending invitations and resend or cancel them, edit existing members’ roles and basic details, and suspend accounts without losing their history. This helps you align access with how your organisation actually works.

A typical pattern is to keep one or two Owners, a few Admins who manage day‑to‑day security operations, several Members who work with reports and website configuration, and Viewers for leadership or stakeholders who only need read‑only insight. Clear roles reduce mistakes and make security responsibilities visible.