Skip to content

Managing Multiple Environments

Most operators beyond the smallest single-site deployments will manage multiple environments. BreachSpider supports multi-environment operations with aggregate dashboards, per-environment alert routing, and hierarchical organization for MSSPs.

When to Create Multiple Environments

Create a separate environment for each:

  • Physical site: Each plant, substation, pump station, or facility should be its own environment.
  • Criticality zone: If a single facility has both life-safety and non-critical zones, consider separating them to enable different triage priorities.
  • Client (MSSP): Each managed client should have their own environments under their client record.

Do not create separate environments for different device types at the same site. A single environment can contain PLCs, HMIs, servers, and network devices. The layer field handles the distinction between who remediates each finding.

The Aggregate Dashboard

The dashboard shows aggregate exposure across all your environments:

  • Total findings summed across all environments.
  • KEV count across all environments.
  • Critical count across all environments.
  • By Layer breakdown across all environments.
  • Donut chart showing severity distribution for the entire organization.

This gives you a single-pane view of your total exposure. Click into any environment to see site-specific data.

Individual Environment Summaries

Each environment has its own summary page showing:

  • Finding counts by severity for that environment only.
  • KEV and exploit exposure specific to that site.
  • Layer breakdown for that environment.
  • Trend data: is this site improving or worsening over time.
  • Asset count and match coverage.

Use environment summaries for site-specific meetings, shift handoffs, and per-site compliance reviews.

Click Environments in the left sidebar to see all your environments listed with key metrics:

  • Environment name
  • Site type badge
  • Criticality level
  • Asset count
  • Active finding count
  • KEV exposure count

Click any environment to open its detail page. Use the browser back button or sidebar navigation to switch between environments.

Per-Environment Alert Recipients

Alerts can be routed per environment so each team receives only relevant notifications:

  1. Navigate to Integrations > Alert Rules.
  2. When creating a rule, select a specific environment in the Environment dropdown.
  3. Set the destination for that environment's alerts.

Example configuration:

Environment Destination
Water Plant Alpha [email protected] + #water-plant-alerts Slack channel
Substation Beta [email protected] + #substation-alerts Teams channel
Corporate IT [email protected]

This prevents alert fatigue. The water plant team does not get substation alerts, and vice versa.

Sites Within Environments

For large facilities with distinct zones or buildings, use Sites to organize assets within an environment without creating separate environments.

Example: A large manufacturing campus might be one environment ("Manufacturing Campus - North") with sites for each building:

  • Building A - Assembly
  • Building B - Paint Shop
  • Building C - Packaging
  • Building D - Warehouse

Assets are assigned to sites within the environment. Findings inherit the site assignment from their matched asset. You can filter findings by site within the environment.

Sites are optional. Small or simple environments do not need them.

To create a site: navigate to your environment, click the Sites tab, click Add Site, and provide a name and optional description.

MSSP Multi-Client Workflow

Managed security providers should use the Clients hierarchy to organize multi-client operations:

  1. Create a Client record for each customer under the Clients section in the sidebar.
  2. Create Environments under each client. Each client may have one or many environments.
  3. Each client's data is isolated. Client A cannot see Client B's environments, assets, or findings.
  4. You see everything. As the MSSP operator, your dashboard shows aggregate data across all clients and environments.
  5. Alert recipients per environment ensure each client team receives only their own notifications.
  6. Reports are generated per environment or per client, keeping deliverables organized.

Deleting an Environment

Deleting an environment permanently removes all assets, findings, tickets, sites, and summary data within it. This action cannot be undone.

Before deleting:

  • Export the audit log for this environment if you need historical records.
  • Download any reports generated for this environment.
  • Consider whether you need the finding data for compliance evidence.

To delete: navigate to the environment, click Settings > Delete Environment, type the environment name to confirm, and click Delete.

The deletion is recorded in the audit log as ENV_DELETED with the environment name and the actor who performed the deletion.

Environment Naming for Large Deployments

For organizations with many environments, adopt a consistent naming convention:

  • [Client/Region] - [Facility Name] - [Zone]: "Southeast - Jefferson WTP - Process Control"
  • [Facility Code] - [Description]: "JWA-001 - Water Treatment Plant Alpha"
  • [Client Name] - [Site]: "Acme Utility - Substation 4"

Consistent naming makes the dashboard, reports, and audit log readable at scale.