Adding Assets Manually
Use manual asset entry when you have a small number of devices to add (1-5) or when you are adding a specific device you just identified during a walk-down or inventory check. For larger imports (6+ assets), use the Bulk Import via CSV guide instead.
When to Add Manually
- You installed a new PLC and need to add it to your environment immediately.
- You discovered an unregistered HMI during a plant walk-down.
- You are adding a small number of critical devices to test the platform before a full import.
- You want to see how the matching engine works with a single known device.
Adding an Asset
- Navigate to Environments and select your environment.
- Click the Assets tab.
- Click Add Asset.
- Fill in the asset fields (described below).
- Click Save.
Asset Fields
Name (required): What you call this device internally. Use a name your operations team recognizes. Examples: "SCADA Workstation 01", "PLC-A-Line3", "RTU-Pump-Station-12", "HMI-Control-Room-East".
Vendor (required): The device manufacturer. Use the canonical name that matches BreachSpider's vendor catalog:
| Correct | Incorrect |
|---|---|
| Siemens | SIEMENS, siemens ag, Siemens AG |
| Schneider Electric | Schneider, SE, schneider electric |
| Rockwell Automation | Allen-Bradley, Rockwell, A-B |
| ABB | ABB Ltd, abb |
| Advantech | advantech co, Advantech Co. |
| Moxa | MOXA, moxa inc |
| Cisco | Cisco Systems, cisco |
| Microsoft | MSFT, microsoft corp |
If you are unsure of the canonical vendor name, check the catalog at /api/v1/catalog/vendors or use the vendor search in the asset form.
Product (required): The product line or model. Be as specific as possible. Examples: "SIMATIC S7-1500", "ControlLogix", "Modicon M340", "WinCC", "Modicon M580".
Version (recommended): The firmware or software version running on the device.
- For Siemens: use the "V2.9.4" format shown on the device configuration page.
- For Rockwell: use the firmware revision number, e.g., "32.011".
- For Windows-based HMIs: use "Windows 10 LTSC 2021", not just "Windows 10".
- Leave blank if the version is unknown.
Why version matters: With a version, the matching engine checks whether your specific version falls within the confirmed affected range for each CVE. This produces high-confidence matches with fewer false positives. Without a version, matching is vendor-and-product-wide, which produces more findings but includes CVEs that may not affect your specific firmware revision.
IP Address (optional): The device's network address. This is for your reference and team context only. BreachSpider does not use the IP address for CVE matching or scanning.
MAC Address (optional): The device's hardware address. For reference only.
Asset Type (required): Select the device category:
| Type | When to Use |
|---|---|
| PLC | Programmable Logic Controllers (S7-1500, ControlLogix, Modicon) |
| HMI | Human Machine Interfaces (WinCC, InTouch, Ignition panels) |
| SCADA | SCADA servers and historians (OSIsoft PI, Wonderware Historian) |
| DCS | Distributed Control Systems (DeltaV, Experion, 800xA) |
| RTU | Remote Terminal Units (RTU500, SCADAPack) |
| Historian | Data historians (PI, Proficy Historian) |
| Engineering Workstation | PLC programming laptops/desktops (TIA Portal, Studio 5000) |
| Networking | Switches, firewalls, routers (IE3400, EDS-G508E) |
| Server | General purpose servers in the OT DMZ |
| Firewall | Dedicated firewall appliances |
| Other | Anything not covered above |
Layer (required): Who remediates findings on this device?
- OT: Process control devices. Remediated by OT engineers and automation vendors. PLCs, RTUs, DCS controllers.
- OS: Operating systems and application software. Remediated by IT patching teams. Windows on HMIs, engineering workstations, servers.
- NETWORK: Network infrastructure. Remediated by the network team. Switches, routers, firewalls.
Notes (optional): Any additional context for your team. "Located in Building C, Rack 12", "Vendor maintenance contract expires 2027-03", "Cannot patch without 48-hour maintenance window approval".
After Saving
The matching engine runs automatically when you save an asset. New findings begin appearing within a few minutes. The first run against a vendor like Siemens or Cisco may produce dozens of findings depending on how many CVEs affect that product line.
Check the Findings tab on your environment page to see matches as they appear.
Adding via API
curl -X POST \
-H "Authorization: Bearer bs_live_..." \
-H "Content-Type: application/json" \
-d '{
"name": "SCADA Workstation 01",
"vendor": "Siemens",
"product": "SIMATIC S7-1500",
"version": "2.9.4",
"asset_type": "PLC",
"layer": "OT",
"criticality": "critical",
"ip_address": "192.168.10.15"
}' \
"https://breachspider.com/api/v1/environments/5/assets"