End-to-End Platform Guide

BreachSpider is an ICS/OT CVE intelligence platform built for critical infrastructure operators. It is not a network scanner. It does not probe your devices or generate traffic on your control network. Instead, you tell BreachSpider what assets you operate, and the platform continuously matches those assets against 354,000+ enriched CVEs, the Known Exploited Vulnerabilities catalog, and real-time exploitation intelligence feeds.

The result is a prioritized, actionable view of your exposure -- specific to the devices in your environments -- with AI-driven remediation guidance designed for OT operators, not generic IT advice.


The Eight-Stage Workflow

BreachSpider follows a linear workflow from account creation through compliance evidence generation. Each stage builds on the one before it.

Stage 1: Onboarding
   |
   v
Stage 2: Environments and Assets
   |
   v
Stage 3: CVE Intelligence
   |
   v
Stage 4: Watchlist
   |
   v
Stage 5: Findings and Triage
   |
   v
Stage 6: Tickets
   |
   v
Stage 7: Reports
   |
   v
Stage 8: Alerts and Integrations

Stage 1 - Onboarding: Create your account, authenticate with a magic link, install the PWA, choose a subscription plan, and complete the first-time setup checklist.

Stage 2 - Environments and Assets: Define your physical or logical sites (environments), then populate each one with the devices you operate. Assets are the foundation of everything that follows. Without assets, there are no findings.

Stage 3 - CVE Intelligence: Search and explore the enriched CVE corpus. Understand CVSS severity, EPSS exploitation probability, BCS priority scoring, KEV catalog status, and SAGE AI analysis.

Stage 4 - Watchlist: Track specific CVEs that matter to your research or planning, independent of your environment assets. Receive alerts when new exploitation data is published for watched CVEs.

Stage 5 - Findings and Triage: Review the CVE-to-asset matches the platform generates for your environments. Use the Strike List to identify what to fix first. Acknowledge findings with documented reasons to build your audit trail.

Stage 6 - Tickets: Create remediation tickets from findings and route them to email, Jira, or ServiceNow. Set up auto-ticket rules so critical matches generate tickets without manual intervention.

Stage 7 - Reports: Generate executive summaries, environment risk reports, NERC CIP evidence packages, and IEC 62443 reports. SAGE provides AI-generated narrative tailored to each audience.

Stage 8 - Alerts and Integrations: Connect BreachSpider to Microsoft Teams, Slack, email, webhooks, and PagerDuty. Configure per-environment alert routing so the right team gets the right notification.


How Matching Works

BreachSpider does not scan your network. It works from asset data you provide.

  1. You add an asset: vendor (Siemens), product (SIMATIC S7-1500), version (V2.9.4).
  2. The matching engine compares your asset against the full CVE corpus.
  3. Findings are generated for every CVE that affects your vendor/product/version combination.
  4. Findings are scored by BCS (exploitation urgency), not just CVSS (severity).
  5. You triage, ticket, and report on those findings.

This model works for environments where active scanning is impractical or prohibited -- which includes most ICS/OT networks.
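
The matching steps above, shown as an added Python example; this is not BreachSpider's code. The record fields, the placeholder asset names and CVE IDs, and the KEV/EPSS/CVSS ordering (a stand-in for BCS, whose formula this page does not give) are all assumptions.

```python
import re

# Constructed sample data: asset names and CVE IDs are placeholders, not real records.
ASSETS = [
    {"name": "plc-01", "vendor": "Siemens", "product": "SIMATIC S7-1500", "version": "V2.9.4"},
    {"name": "plc-02", "vendor": "siemens", "product": "Simatic  S7-1500", "version": "V3.0.1"},
    {"name": "plc-03", "vendor": "Siemens", "product": "SIMATIC S7-1500", "version": ""},
]
_S7 = {"vendor": "siemens", "product": "simatic s7-1500"}
CVES = [  # assumed range semantics: introduced <= version < fixed_in
    {**_S7, "id": "CVE-EXAMPLE-0001", "introduced": "2.0", "fixed_in": "2.9.7",
     "cvss": 9.8, "epss": 0.02, "kev": False},
    {**_S7, "id": "CVE-EXAMPLE-0002", "introduced": "2.9", "fixed_in": "3.0",
     "cvss": 7.5, "epss": 0.61, "kev": True},
    {**_S7, "id": "CVE-EXAMPLE-0003", "introduced": "3.0", "fixed_in": "3.0.3",
     "cvss": 8.1, "epss": 0.10, "kev": False},
]

def parse_version(text, width=4):
    """'V2.9.4' -> (2, 9, 4, 0); None when no version was recorded."""
    parts = [int(n) for n in re.findall(r"\d+", text)][:width]
    return tuple(parts + [0] * (width - len(parts))) if parts else None

def normalize(name):
    """Case- and whitespace-insensitive key for vendor and product names."""
    return " ".join(name.lower().split())

def match_findings(assets, cves):
    findings = []
    for asset in assets:
        version = parse_version(asset["version"])
        key = (normalize(asset["vendor"]), normalize(asset["product"]))
        for cve in cves:
            if key != (cve["vendor"], cve["product"]):
                continue
            in_range = version is not None and (
                parse_version(cve["introduced"]) <= version < parse_version(cve["fixed_in"]))
            # Unknown version: keep the match, but mark it unconfirmed for manual review.
            if in_range or version is None:
                findings.append({"asset": asset["name"], "cve": cve["id"], "confirmed": in_range,
                                 "kev": cve["kev"], "epss": cve["epss"], "cvss": cve["cvss"]})
    # Assumed ordering, not the BCS formula: KEV first, then EPSS, then CVSS.
    findings.sort(key=lambda f: (f["kev"], f["epss"], f["cvss"], f["confirmed"]), reverse=True)
    return findings

if __name__ == "__main__":
    for finding in match_findings(ASSETS, CVES):
        print(finding)
```

Assets with no recorded version are kept as unconfirmed matches rather than dropped, so inventory gaps surface in triage instead of hiding exposure.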


Solo Operator vs MSSP

Solo operators (single plant, single utility, small team): Start with one environment representing your primary site. Add your most critical assets first -- PLCs, HMIs, SCADA servers. Work through findings on the Strike List. Generate a baseline report.

MSSPs and consultants managing multiple clients: Use the Clients section to organize client records. Create separate environments under each client. Set per-environment alert routing so each client team receives only their own notifications. Use the dashboard aggregate view to monitor all clients at once.


Tier Summary

  • Free: 50 CVE searches/day, 5 SAGE queries/month, 3 training courses. No environments, API keys, or reports. Good for evaluation.
  • Standard: 500 CVE searches, 50 SAGE queries, environments, assets, alerts, integrations, 30-day audit log. Built for single-site operators.
  • Professional: Unlimited CVE searches, 500 SAGE queries, API keys, voice mode, all report types including NERC CIP evidence, 90-day audit log.
  • API: 1000 req/min, unlimited SAGE, direct programmatic access.
  • Enterprise: Custom pricing, 1-year audit log, dedicated support, SLA, NDA/MSA available.

Start with Stage 1 to create your account and begin the onboarding checklist.