Bulk Asset Import via CSV
Use CSV import when you have 6 or more assets to add at once, or when you are populating a new environment with its full device inventory. This is the fastest way to bring an environment online.
Step 1 - Download the Template
Click the CSV Template button in the environment's Assets tab to download a pre-formatted template.
Or download via API:
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/environments/template/csv" \
-o asset_template.csv
The template contains the following columns:
| Column | Required | Description |
|---|---|---|
| name | Yes | Device name your team uses internally |
| vendor | Yes | Manufacturer (use canonical names) |
| product | Yes | Product line or model |
| version | Recommended | Firmware or software version |
| asset_type | Recommended | PLC, HMI, SCADA, DCS, RTU, Historian, Engineering Workstation, Networking, Server, Firewall, Other |
| layer | Recommended | OT, OS, or NETWORK |
| ip_address | Optional | For your reference only |
| mac_address | Optional | For your reference only |
| notes | Optional | Free-text context |
Step 2 - Fill in the Template
Open the CSV in any spreadsheet application or text editor. Add one row per asset.
Version formatting tips:
- Use the exact version string from the device firmware page or configuration screen.
- For Windows: "Windows 10 LTSC 2021", "Windows Server 2019", not just "Windows".
- For Siemens: "V2.9.4" or "2.9.4" -- both are accepted.
- For Rockwell: "32.011" or "V32.011".
- Leave the version cell blank if unknown. Matching will be vendor-and-product-wide.
Common vendor name formats that match correctly:
| Canonical Name | Does NOT Match |
|---|---|
| Siemens | SIEMENS, siemens ag |
| Schneider Electric | Schneider, SE |
| Rockwell Automation | Allen-Bradley, Rockwell |
| ABB | ABB Ltd |
| Advantech | advantech co |
| Moxa | MOXA |
| Cisco | Cisco Systems |
| Microsoft | MSFT |
| Honeywell | honeywell international |
| Emerson | Emerson Electric |
If you are unsure of the correct vendor name, query the catalog:
curl -H "Authorization: Bearer bs_live_..." \
"https://breachspider.com/api/v1/catalog/vendors"
Example CSV content:
name,vendor,product,version,asset_type,layer,ip_address,notes
PLC-Line1-A,Siemens,SIMATIC S7-1500,V2.9.4,PLC,OT,192.168.10.10,Main assembly controller
PLC-Line1-B,Siemens,SIMATIC S7-1500,V2.9.4,PLC,OT,192.168.10.11,Backup controller
HMI-Control-Room,Siemens,WinCC,7.5,HMI,OS,192.168.10.20,Control room operator station
EWS-Engineering,Microsoft,Windows 10 LTSC 2021,,Engineering Workstation,OS,192.168.10.30,TIA Portal installed
Switch-OT-Core,Cisco,IE3400,,Networking,NETWORK,192.168.10.1,Core OT switch
RTU-Pump-Station,ABB,RTU500,12.4.1,RTU,OT,,Remote pump station
Step 3 - Preview (Dry Run)
Upload your CSV for a validation preview before committing the import. The preview shows:
- How many assets will be imported.
- Any rows with validation errors (missing required fields, unrecognized values).
- Which vendor/product pairs matched known entries in the catalog.
- Which will use fuzzy matching (lower confidence).
curl -X POST \
-H "Authorization: Bearer bs_live_..." \
-F "file=@my_assets.csv" \
"https://breachspider.com/api/v1/environments/5/assets/csv-preview"
Review the preview carefully. Fix any rows with errors before proceeding. The preview does not create assets or trigger matching -- it is read-only.
Step 4 - Commit the Import
If the preview looks correct, commit the import:
curl -X POST \
-H "Authorization: Bearer bs_live_..." \
-F "file=@my_assets.csv" \
"https://breachspider.com/api/v1/environments/5/assets/csv-commit"
Or in the UI: after reviewing the preview, click Confirm Import.
The matching engine runs automatically after commit. For large imports (50+ assets), findings may take several minutes to fully populate. You will see findings appearing incrementally in the Findings tab.
Troubleshooting
"vendor not found": The vendor name in your CSV does not match any entry in the BreachSpider catalog. Check spelling against the catalog at /api/v1/catalog/vendors. The most common issue is using informal names (e.g., "Rockwell" instead of "Rockwell Automation").
"product not found": The product name does not exactly match the catalog. The fuzzy matcher will still attempt a match, but confidence will be lower. Check the catalog at /api/v1/catalog/products?vendor=Siemens for the exact product name.
Duplicate assets: The system deduplicates by asset name within an environment. If you import a CSV that contains an asset name already present, the existing asset is updated with the new values rather than creating a duplicate.
Empty version field: This is not an error. The version is optional. Matching proceeds at the vendor/product level, producing more findings with broader scope.
File encoding errors: Save your CSV as UTF-8. Some spreadsheet applications default to Windows-1252 or other encodings that can corrupt special characters in product names.