Creating an Environment
This guide walks through creating a new environment in BreachSpider, including every field and what it means for your operations.
Step-by-Step
- Click Environments in the left sidebar.
- Click the New Environment button (green, top right).
- Fill in the environment details (described below).
- Click Create Environment.
- You are taken to the environment detail page, showing 0 assets and 0 findings.
Environment Fields
Name (required): A clear, specific name for this site. Use the facility name and location. "Water Treatment Plant Alpha - Jefferson GA" is better than "Site 1". This name appears on the dashboard, reports, alerts, and audit log.
Description (optional): Additional context about this environment. Useful for MSSP operators managing client sites. Example: "Primary treatment facility serving Jefferson municipal water district. 12 PLCs, 4 HMIs, 2 SCADA servers."
Site Type (required): Select from the dropdown:
| Site Type | Use When |
|---|---|
| water-treatment | Water or wastewater treatment facilities |
| electric-utility | Substations, generation plants, distribution |
| manufacturing | Assembly lines, process manufacturing, discrete manufacturing |
| oil-gas | Refineries, pipelines, wellhead operations |
| transportation | Rail, maritime, aviation control systems |
| healthcare | Hospital OT systems, building automation, medical devices |
| corporate-it | IT network segments adjacent to OT |
| other | Anything not covered above |
The site type helps BreachSpider tailor SAGE analysis to your industry context.
Criticality (required): How critical is this environment to safety and operations?
| Level | Meaning | Example |
|---|---|---|
| Critical | Life-safety systems, immediate harm if compromised | Water treatment chemical dosing, gas pipeline controls |
| High | Production impact, significant financial or operational loss | Manufacturing assembly line, power distribution |
| Medium | Operational impact, degraded service but no immediate safety risk | Building automation, non-critical monitoring |
| Low | Supporting systems, minimal operational impact | Lab networks, development environments |
Criticality affects how findings are prioritized on the dashboard. A critical-severity CVE in a critical environment ranks higher than the same CVE in a low-criticality environment.
After Creating
Once the environment is created:
- The environment appears in the left sidebar under Environments.
- The environment detail page shows tabs: Assets, Findings, Tickets, Sites, Summary.
- All tabs show empty states until you add assets.
- Your next step is to add assets. Without assets, the matching engine has nothing to match and no findings will be generated.
- The dashboard will show this environment in the exposure summary once assets are added and findings begin appearing.
Creating via API
curl -X POST \
-H "Authorization: Bearer bs_live_..." \
-H "Content-Type: application/json" \
-d '{
"name": "Water Treatment Plant Alpha",
"description": "Primary treatment facility, Jefferson GA",
"site_type": "water-treatment",
"criticality": "critical"
}' \
"https://breachspider.com/api/v1/environments"
The response returns the created environment object with its assigned id. Use this ID in subsequent API calls to add assets and query findings.
Response example:
{
"status": "success",
"data": {
"id": 5,
"name": "Water Treatment Plant Alpha",
"description": "Primary treatment facility, Jefferson GA",
"site_type": "water-treatment",
"criticality": "critical",
"asset_count": 0,
"finding_count": 0,
"created_at": "2026-06-07T12:00:00Z"
}
}
Editing an Environment
To edit an existing environment:
- Navigate to the environment detail page.
- Click the Settings gear icon in the top right.
- Modify any field: name, description, site type, or criticality.
- Click Save.
Changes to the environment name propagate to the dashboard, reports, and future audit log entries. Historical audit log entries retain the name that was active at the time the event occurred.
Deleting an Environment
Deleting an environment permanently removes all assets, findings, tickets, and sites within it. This action cannot be undone.
- Navigate to the environment detail page.
- Click Settings > Delete Environment.
- Type the environment name to confirm.
- Click Delete.
The deletion is recorded in the audit log as ENV_DELETED. Consider exporting your findings and audit log before deleting.