Skip to content

First Time Setup Checklist

After creating your account, the dashboard displays a 5-step onboarding checklist. This checklist ensures you complete the minimum setup to start receiving actionable vulnerability intelligence. Each step builds on the previous one.

Step 1 - Create Your First Environment

An environment represents one physical or logical site: a water treatment plant, a substation, a manufacturing floor, or a corporate network segment.

How to complete this step:

  1. Click Environments in the left sidebar.
  2. Click New Environment.
  3. Fill in the name, description, site type, and criticality level.
  4. Click Create Environment.

Naming guidance: Be specific. Use "Water Treatment Plant Alpha" or "Substation Beta - Jefferson", not "Site 1" or "Test". Specific names make the dashboard, reports, and audit log immediately readable for auditors and team members.

See the full Creating an Environment guide for field-by-field details.

Step 2 - Add Assets to Your Environment

Assets are the devices inside your environment. BreachSpider matches assets against the CVE corpus to generate findings. Without assets, there are no findings.

How to complete this step:

  1. Navigate to your newly created environment.
  2. Click the Assets tab.
  3. Click Add Asset for manual entry, or Import CSV for bulk import.
  4. For each asset, provide: vendor name, product name, and version (if known).

What to add first: Start with your most critical control system devices -- PLCs, HMIs, SCADA servers, RTUs. These are the assets most likely to have ICS-relevant CVE matches and the ones that matter most for operational safety.

Version matters: Adding a version (e.g., "V2.9.4" for a Siemens S7) narrows matching to the specific affected version ranges. Without a version, BreachSpider matches vendor-wide, which produces more findings but with lower precision.

See the Adding Assets Manually and Bulk Import via CSV guides for complete instructions.

Step 3 - Set Up an Alert

Alerts notify you when something changes that requires attention. At minimum, confirm that email alerts are enabled for your account. For faster response times, connect Microsoft Teams or Slack.

How to complete this step:

  1. Navigate to Integrations in the left sidebar.
  2. Verify that email alerts are enabled (they are on by default for kev.new and cve.critical events).
  3. Optionally, click Add Connection to configure Microsoft Teams or Slack.
  4. Test the connection by clicking the Test button.

Why this matters: When a new KEV entry matches an asset in your environment, you want to know immediately, not when you next check the dashboard. Alert integrations ensure your team sees critical findings in the tools they already monitor.

See the Alerts Overview guide for all alert types and destinations.

Step 4 - Generate Your First Report

Even if your environment has zero findings (which can happen if you just added assets and matching is still running), generating a report confirms the reporting pipeline is working and establishes a baseline.

How to complete this step:

  1. Navigate to Reports in the left sidebar.
  2. Click Generate Report.
  3. Select Executive Summary as the report type.
  4. Select your environment.
  5. Click Generate.

The report generates asynchronously. You receive a notification (bell icon, top right) when it is ready. Complex reports with SAGE narration take 30 to 60 seconds.

Why generate early: A baseline report with zero or few findings is valuable. It proves the platform is operational, documents your starting posture, and gives you a point of comparison for future reports. Auditors appreciate a "before" snapshot.

See the Reports Overview guide for all report types.

Step 5 - Ask SAGE a Question

SAGE (Sovereign AI Governance Engine) is BreachSpider's ICS/OT-specific AI reasoning engine. It understands control system protocols, PLC programming constraints, NERC CIP requirements, and OT-specific remediation strategies.

How to complete this step:

  1. Click the green ASK SAGE button in the bottom right corner of any page.
  2. Type a question. Examples:
    • "What are the most critical vulnerabilities for Siemens S7 PLCs right now?"
    • "Is CVE-2025-32433 relevant to Rockwell ControlLogix controllers?"
    • "What compensating controls should I use for a PLC I cannot patch?"
  3. SAGE responds with ICS-specific context, not generic IT advice.

Free tier users get 5 SAGE queries per month with a blurred preview. Standard tier and above receive full analysis.

After the Checklist

The checklist disappears automatically when all five steps are complete. You can also dismiss it early by clicking the X.

Once the checklist is done, your primary workflow becomes:

  1. Check the Strike List on the dashboard daily.
  2. Triage findings as they appear -- acknowledge, ticket, or escalate.
  3. Generate reports on your schedule (weekly, monthly, or before audits).
  4. Add new assets as your environment changes.
  5. Review alerts as they arrive in your configured destinations.

The platform is now operational. Findings will continue to appear as new CVEs are published and matched against your assets.