Quick Start Guide

Get your first OT network visible in Breakwater in under 15 minutes.

Step 1: Create Your Account

1. Navigate to breakwater.techgonecoastal.com
2. Click Sign Up and create your account
3. You'll land on the Breakwater Portal — your command center

Step 2: Create a Site

A site represents a physical location — a plant, facility, or building.

1. Open Helm from the portal
2. Click the Collector button in the toolbar
3. Enter your site name, location, and network subnets (CIDR notation)
4. Choose your deployment mode:
   • Cloud — data sent to Breakwater cloud (recommended)
   • Hybrid — local processing with cloud sync
   • Air-Gapped — fully on-premise (no internet required)

Step 3: Deploy a Collector

The Collector discovers devices on your OT network via SNMP and network scanning.

Docker (Recommended)

docker run -d \
  --name breakwater-collector \
  --network host \
  -e SITE_TOKEN=YOUR_your-site-token \
  -e API_URL=https://breakwater.techgonecoastal.com \
  coastal/breakwater-collector:latest

Docker Compose

Download the compose file from the setup wizard and run:

docker compose up -d

Install Script

curl -fsSL https://breakwater.techgonecoastal.com/install.sh | sudo bash -s -- \
  --site-token YOUR_your-site-token \
  --mode collector

Air-Gapped

Download the .tar.gz bundle, transfer via USB, and:

tar xzf breakwater-collector.tar.gz
cd breakwater-collector
sudo ./install.sh --air-gapped

Step 4: Verify Connection

Once the Collector is running, return to the setup wizard:

1. The wizard will detect the Collector's heartbeat
2. Devices will begin appearing in Manifest within minutes
3. CVE matches will populate in Lookout automatically

Step 5: Explore

• Helm — Visualize your network topology on the Purdue Model canvas
• Manifest — Review discovered assets, firmware versions, and lifecycle status
• Lookout — Check CVEs and threat intelligence relevant to your devices
• Forecast — See financial risk exposure calculated from your equipment
• Channel — Set up secure remote access (requires Gateway deployment)

Next Steps

• Deploy a Gateway for secure remote access + IDS
• Configure access policies for vendor/contractor access
• Set up alerts for new CVE notifications