Email Ticketing
Email is the simplest ticket destination in BreachSpider. It requires no integration setup beyond an email address and is available on all paid tiers.
How It Works
When you create a ticket with email as the destination, BreachSpider sends a formatted email to the specified address containing all the information needed to act on the finding.
No external integration, API tokens, or webhook configuration is required. If your team can receive email, they can receive BreachSpider tickets.
Email Ticket Format
Subject line:
[BreachSpider Ticket] CRITICAL - Patch Erlang/OTP SSH server - CVE-2025-32433
The subject includes the priority level and CVE ID for quick scanning in an inbox.
Body content:
- Ticket ID: BreachSpider's internal ticket identifier.
- CVE ID and BSID: The vulnerability identifiers.
- Severity badge: CRITICAL, HIGH, MEDIUM, or LOW.
- Affected asset: The device name and environment.
- Scores: BCS, CVSS, and EPSS values.
- KEV status: Whether this CVE is in the KEV catalog.
- Exploit maturity: NONE, POC, FUNCTIONAL, or WEAPONIZED.
- SAGE summary: A one-paragraph ICS-specific analysis of the vulnerability and its impact.
- Patch status: Whether a vendor patch is available, with a link to the advisory if applicable.
- Remediation guidance: Step-by-step actions from SAGE.
- Due date: When the remediation should be completed.
- Direct link: A clickable URL to the finding in BreachSpider for full detail.
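A shared triage mailbox can sort incoming tickets using the subject line described above. The following is an added example, not BreachSpider code. It assumes every subject follows the pattern of the one sample shown ([BreachSpider Ticket] PRIORITY - title - CVE ID) and that the priority uses the four severity values listed above; the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from typing import NamedTuple, Optional

# Assumption, inferred from the one sample subject on this page:
#   [BreachSpider Ticket] <PRIORITY> - <title> - <CVE ID>
SUBJECT_RE = re.compile(
    r"^\[BreachSpider Ticket\] (CRITICAL|HIGH|MEDIUM|LOW) - (.+) - (CVE-\d{4}-\d{4,})$"
)
RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


class Ticket(NamedTuple):
    priority: str
    title: str
    cve_id: str


def parse_ticket(raw_message: str) -> Optional[Ticket]:
    """Return the subject fields of a raw RFC 5322 message, or None."""
    msg = message_from_string(raw_message, policy=default)
    # policy=default unfolds wrapped headers and decodes RFC 2047 words;
    # collapsing whitespace then makes the match independent of folding.
    subject = " ".join(str(msg["Subject"] or "").split())
    match = SUBJECT_RE.match(subject)
    return Ticket(*match.groups()) if match else None


def triage_order(raw_messages):
    """Tickets sorted most urgent first; replies and other mail are skipped."""
    tickets = [t for t in map(parse_ticket, raw_messages) if t]
    return sorted(tickets, key=lambda t: RANK[t.priority])


# Constructed sample messages, not real BreachSpider output. CVE-0000-0001
# and CVE-0000-0002 are placeholders, not real identifiers.
SAMPLES = [
    "Subject: [BreachSpider Ticket] LOW - Review config - offline unit - CVE-0000-0001\n\nbody\n",
    # Long subject folded across two lines by a mail gateway.
    "Subject: [BreachSpider Ticket] CRITICAL - Patch Erlang/OTP SSH server\n"
    " - CVE-2025-32433\n\nbody\n",
    # A human reply: not a ticket, because replies are not tracked.
    "Subject: Re: [BreachSpider Ticket] HIGH - Example finding - CVE-0000-0002\n\nbody\n",
]

if __name__ == "__main__":
    for ticket in triage_order(SAMPLES):
        print(ticket.priority, ticket.cve_id, ticket.title)
```

The anchored pattern deliberately rejects "Re:" and "Fwd:" subjects, so a reply thread in the mailbox is not counted as a new ticket.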
Configuring Email Tickets
Manual Ticket Creation
When creating a ticket manually from a finding:
- Select Email as the destination type.
- Enter the recipient email address in the Destination Email field.
- Click Create.
You can enter any email address -- a person, a team distribution list, or a PagerDuty email integration address.
Auto-Ticket Rules
When configuring an auto-ticket rule with email destination:
- Navigate to Integrations > Ticketing > Add Rule.
- Set the destination type to Email.
- Enter the destination email address.
- Save the rule.
Every time the rule fires, an email ticket is sent to that address.
Use Cases
Direct to the responsible engineer: Send tickets to the specific person who remediates that device type, for example [email protected] for PLCs and [email protected] for network devices.
To a team distribution list: Send to [email protected] so the entire OT engineering team sees the ticket and can assign it internally.
To PagerDuty via email: PagerDuty supports email integration. Send tickets to your PagerDuty email address (e.g., [email protected]) to trigger PagerDuty incidents from BreachSpider findings.
To a shared mailbox: Send to a shared mailbox that your triage team monitors (e.g., [email protected]).
To yourself: During evaluation, send tickets to your own email to see what the format looks like and test the workflow.
Multiple Recipients
The email destination field accepts one email address per ticket or rule. To send to multiple recipients:
- Use a distribution list or group email address that forwards to multiple people.
- Create multiple auto-ticket rules with the same trigger but different email destinations.
Email Delivery
Ticket emails are sent via Resend, the same email infrastructure used for magic link authentication and alert notifications. Emails are delivered within seconds of ticket creation.
If emails are not arriving:
- Check spam or junk folders.
- Verify the email address is correct.
- Ensure your organization's email gateway allows messages from [email protected].
- Check the audit log for TICKET_CREATED entries to confirm the ticket was created successfully.
Limitations
Email tickets are one-directional. BreachSpider sends the ticket email, but it does not monitor replies. If the recipient replies to the ticket email, the reply goes to a no-reply address and is not captured.
For bidirectional tracking, use the Jira or ServiceNow integrations, or manage ticket state directly in BreachSpider's Tickets tab.