
Sharing Findings

BreachSpider allows you to share findings from an environment with external parties -- vendors, MSSPs, other teams, or management -- without requiring them to log into the platform. Shared findings are accessible via a time-limited, read-only link.


How to Share Findings

  1. Navigate to your environment's Findings tab.
  2. Click the Share Findings button.
  3. Configure the share:
    • Severity floor: Minimum severity to include (e.g., HIGH includes only HIGH and CRITICAL findings).
    • Layer filter: Share only OT, OS, or NETWORK findings (or all).
    • Specific CVEs: Optionally select individual CVEs to include instead of using filters.
    • Expiry: How long the link remains active. Default: 7 days. Enterprise tier supports custom expiry periods.
  4. Click Generate Link.
  5. Copy the generated URL and send it to the recipient.

What the Recipient Sees

The shared link opens a read-only view, sorted by BCS score, that includes:

  • Environment name.
  • List of shared findings with CVE ID, severity, BCS score, KEV status, exploit maturity, and affected asset names.
  • Each finding can be expanded to show the SAGE summary, patch status, and CVSS vector.

The recipient does not need a BreachSpider account. They do not see your full environment, other findings outside the share scope, or any internal notes or acknowledgments.


Link Expiry and Revocation

By default, share links expire after 7 days. Once expired, the link returns a "Share link expired" message and cannot be re-activated; if the recipient still needs access, generate a new share.

Enterprise tier organizations can configure custom expiry periods when generating the link (e.g., 24 hours, 48 hours, 30 days).

To revoke a share link before it expires, navigate to your environment settings and find the active shares list. Click Revoke to immediately invalidate the link.


Use Cases

Share OT findings with your automation vendor: Your Siemens vendor representative needs to see which CVEs affect your S7-1500 PLCs so they can provide firmware update guidance. Share OT-layer findings and use the Specific CVEs option to include only the CVEs affecting the Siemens products (the share filters are severity floor, layer, and specific CVEs; there is no per-vendor filter).

Share OS findings with your IT patching team: Your IT team manages Windows patches but does not have access to BreachSpider. Share OS-layer findings so they can see what needs patching on HMIs and engineering workstations.

Share critical findings with management: Your plant manager needs to approve an emergency maintenance window. Share a link showing only CRITICAL findings with KEV badges so they can see the urgency.

Share with an MSSP for triage support: Your managed security provider needs to review your findings to provide remediation recommendations. Share findings of HIGH severity and above (severity floor HIGH).


Sharing via API

curl -X POST \
  -H "Authorization: Bearer bs_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "severity_floor": "HIGH",
    "layer": "OT",
    "expires_hours": 48
  }' \
  "https://breachspider.com/api/v1/environments/5/findings/share"

Response:

{
  "status": "success",
  "data": {
    "share_id": "sh_a1b2c3d4",
    "share_url": "https://breachspider.com/shared/sh_a1b2c3d4",
    "expires_at": "2026-06-09T12:00:00Z",
    "finding_count": 8,
    "severity_floor": "HIGH",
    "layer": "OT"
  }
}

Send the share_url to the recipient. The request body mirrors the options in the UI: severity_floor, layer, and expires_hours (custom expiry is an Enterprise-tier feature; the default is 7 days). Treat share_url as a bearer credential: anyone who has it can open the share without an account until it expires or is revoked.
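The filter semantics from the configuration steps above (an inclusive severity floor, a single-layer filter, and an explicit CVE list that replaces both) and the API call above, combined in one added example. This is illustrative Python written for this page, not BreachSpider's own client or SDK: the request fields, endpoint and response shape are copied from the curl example, while the LOW and MEDIUM severity levels, the descending BCS order, the 30-day cap, the sample findings and the fake transport used to run offline are assumptions and are marked as such in the code.

```python
"""Added example for this page: scope a share the way the UI filters do, build
the documented request body, and call the share endpoint. Not BreachSpider's own
client; anything marked ASSUMPTION or constructed is not from the page."""
import json
import urllib.request
from datetime import datetime

# ASSUMPTION: the page names only HIGH and CRITICAL; LOW and MEDIUM are assumed
# to sit below them in the usual CVSS ordering.
SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]
LAYERS = {"OT", "OS", "NETWORK"}
MAX_EXPIRY_HOURS = 24 * 30  # local policy: 30 days is the longest expiry the page mentions
API_BASE = "https://breachspider.com/api/v1"

# Constructed sample findings (not real scan data; CVE IDs are placeholders).
SAMPLE_FINDINGS = [
    {"cve": "CVE-2099-0001", "severity": "CRITICAL", "layer": "OT", "bcs": 91.2},
    {"cve": "CVE-2099-0002", "severity": "HIGH", "layer": "OS", "bcs": 78.5},
    {"cve": "CVE-2099-0003", "severity": "HIGH", "layer": "OT", "bcs": 83.0},
    {"cve": "CVE-2099-0004", "severity": "MEDIUM", "layer": "OT", "bcs": 55.1},
]

# Constructed response that mirrors the one shown on this page.
SAMPLE_RESPONSE = json.dumps({"status": "success", "data": {
    "share_id": "sh_a1b2c3d4",
    "share_url": "https://breachspider.com/shared/sh_a1b2c3d4",
    "expires_at": "2026-06-09T12:00:00Z", "finding_count": 8,
    "severity_floor": "HIGH", "layer": "OT"}})


def preview_share(findings, severity_floor=None, layer=None, cves=None):
    """Findings a recipient would see: the severity floor is inclusive (HIGH keeps
    HIGH and CRITICAL), the layer filter keeps one layer, and an explicit CVE list
    replaces both filters. Sorted by BCS score (ASSUMPTION: highest first)."""
    if cves is not None:
        wanted = set(cves)
        chosen = [f for f in findings if f["cve"] in wanted]
    else:
        floor = SEVERITY_ORDER.index(severity_floor) if severity_floor else 0
        chosen = [f for f in findings
                  if SEVERITY_ORDER.index(f["severity"]) >= floor
                  and (layer is None or f["layer"] == layer)]
    return sorted(chosen, key=lambda f: f["bcs"], reverse=True)


def build_share_payload(severity_floor=None, layer=None, expires_hours=None):
    """Validate the options and build the JSON body from the curl example.
    Unset options are omitted so the server default (7 days) applies."""
    payload = {}
    if severity_floor is not None:
        if severity_floor not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity floor: {severity_floor}")
        payload["severity_floor"] = severity_floor
    if layer is not None:
        if layer not in LAYERS:
            raise ValueError(f"unknown layer: {layer}")
        payload["layer"] = layer
    if expires_hours is not None:  # custom expiry is an Enterprise-tier feature
        if not 1 <= int(expires_hours) <= MAX_EXPIRY_HOURS:
            raise ValueError(f"expires_hours outside 1..{MAX_EXPIRY_HOURS}")
        payload["expires_hours"] = int(expires_hours)
    return payload


def _http_post(url, body, headers):
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def parse_timestamp(iso):  # the API's Zulu timestamps -> aware UTC datetime
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def create_share(environment_id, api_key, payload, post=_http_post):
    """POST the share request; `post(url, body, headers)` is injectable so the
    flow can be exercised offline against SAMPLE_RESPONSE."""
    url = f"{API_BASE}/environments/{environment_id}/findings/share"
    headers = {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"}
    doc = json.loads(post(url, json.dumps(payload), headers))
    if doc.get("status") != "success":
        raise RuntimeError(f"share request failed: {doc}")
    data = doc["data"]
    return {"share_id": data["share_id"], "share_url": data["share_url"],
            "expires_at": parse_timestamp(data["expires_at"]),
            "finding_count": data["finding_count"]}


def hours_remaining(expires_at, now):  # hours until the link stops working; 0 once expired
    return max(0.0, (expires_at - now).total_seconds() / 3600)


def log_safe(share_url):
    """Form safe for your own logs and tickets: the last path segment is the
    bearer capability, so keep only a short prefix of it."""
    base, _, token = share_url.rpartition("/")
    return f"{base}/{token[:5]}..."


if __name__ == "__main__":
    scope = preview_share(SAMPLE_FINDINGS, severity_floor="HIGH", layer="OT")
    print("recipient would see:", [f["cve"] for f in scope])
    share = create_share(5, "bs_live_example", build_share_payload("HIGH", "OT", 48),
                         post=lambda u, b, h: SAMPLE_RESPONSE)  # offline: fake transport
    left = hours_remaining(share["expires_at"], parse_timestamp("2026-06-07T12:00:00Z"))
    print(f"{share['finding_count']} findings at {log_safe(share['share_url'])}, {left:.0f}h left")
```

Drop the fake transport to make a real call; everything else stays the same. The preview is local only: the platform, not this script, decides the final scope, so compare finding_count in the response against what you expected before sending the link on.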


Audit Trail

Every share action is logged in the audit log as FINDING_SHARED. The log entry includes:

  • Who generated the share (actor email).
  • Which environment.
  • What filters were applied (severity floor, layer).
  • How many findings were included.
  • The share link URL.
  • The expiry time.

If the share link is revoked, that action is also logged.


Security Considerations

  • Share links provide read-only access. Recipients cannot modify findings, create tickets, or access any other part of your BreachSpider account.
  • Share tokens are cryptographically random and unguessable (256 bits of entropy); the short share_id values in the examples on this page are placeholders, not the real token length.
  • Expired links cannot be accessed.
  • Revoked links cannot be accessed.
  • Share activity is fully audited.
  • Do not post links on public channels or in broadly readable tickets and chat. Although the links are unguessable, the shared finding data reveals which vulnerabilities affect your environment. If a link is exposed, revoke it immediately from the active shares list rather than waiting for it to expire.
  • The audit log entry records the full share URL, so anyone who can read the audit log can also open the share while it is active; scope audit log access accordingly.