# Getting Started

> Understand MarlinSpike fast, then bring it up from source: product model, first deployment commands, and documentation trail.

*Canonical HTML: https://grassmarlin.com/wiki/getting-started/*
*Markdown source: https://grassmarlin.com/wiki/getting-started.md*
*Français: https://grassmarlin.com/fr/wiki/getting-started.md*

---

MarlinSpike is a passive OT and ICS network analysis platform built for shared field use. This page gives you the product model, the first deployment commands, and the shortest doc trail to the rest of the project.

**Passive only.** Packet captures go in, and the platform does not transmit packets back onto the network.

**Shared responder workbench.** The normal user model is a shared web surface for the assessment team, not a thick desktop client.

**Source plus Docker today.** The current supported install path is still source-first with Docker Compose behind a reverse proxy.

## What MarlinSpike is

MarlinSpike is not just a packet parser and not just a topology viewer. It is a field-deployable analyst platform for passive OT and ICS network analysis that turns capture files into topology, asset context, Purdue-level inference, risk findings, suspicious external communication review, and portable JSON report artifacts.

The main product ideas from the project README are straightforward:

- Passive OT and ICS analysis first.
- The modern successor to GrassMarlin: same passive-visibility first principle, rebuilt as a shared web workbench instead of a single-user desktop client.
- A shared workbench model with projects, uploads, scans, history, and review.
- A portable report contract so analysis and review are not trapped in one UI session.

## Quick start

The project documentation keeps the first-run path intentionally short. Clone the repo, set secrets in `.env`, and start the Docker stack.

```
git clone https://github.com/eris-ot/marlinspike.git
cd marlinspike
cp .env.example .env
# Edit .env and set the secrets before starting the stack
docker compose up -d --build
```

Open the app at `http://127.0.0.1:5001` or through your reverse proxy. On first boot, MarlinSpike creates an admin user. If `ADMIN_PASSWORD` is blank, a random password is generated and printed in the container logs.
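One way to set `ADMIN_PASSWORD` explicitly before first boot, so the first login does not depend on a generated password printed to the container logs. This is an added example, not code from the MarlinSpike repo; the function names are hypothetical and it assumes `.env` uses plain `KEY=value` lines.

```bash
#!/usr/bin/env bash
# Added example, not part of MarlinSpike. Assumes .env holds KEY=value lines.

# Print the value of KEY from an env file (empty if the key is missing or blank).
env_get() {
    local file="$1" key="$2"
    sed -n "s/^${key}=//p" "$file" | tail -n 1
}

# Make sure ADMIN_PASSWORD is non-empty in the env file.
# Prints "kept" if a value was already set, "generated" if one was written.
ensure_admin_password() {
    local file="${1:-.env}" key="ADMIN_PASSWORD" current secret tmp
    [ -f "$file" ] || { echo "missing $file" >&2; return 1; }

    # Treat ADMIN_PASSWORD="" and ADMIN_PASSWORD='' as blank too.
    current=$(env_get "$file" "$key" | tr -d "\"'")
    if [ -n "$current" ]; then
        chmod 600 "$file"          # secrets file: owner read/write only
        echo "kept"
        return 0
    fi

    # 128 bits from the kernel CSPRNG, hex encoded (32 characters).
    secret=$(od -An -tx1 -N16 /dev/urandom | tr -d ' \n')

    # Rewrite through a private temp file so the secret is never world-readable.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    chmod 600 "$tmp"
    grep -v "^${key}=" "$file" > "$tmp" || true   # drop the blank entry, keep the rest
    printf '%s=%s\n' "$key" "$secret" >> "$tmp"
    mv "$tmp" "$file"
    echo "generated"
}
```

Source the file and run `ensure_admin_password .env` after `cp .env.example .env` and before `docker compose up -d --build`; store the resulting value in the team's password manager.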

## Core workflow

The workflow that shows up throughout the project docs is:

1. Create or choose a project.
2. Upload or select a capture.
3. Run a scan that produces a report artifact.
4. Review topology, findings, inventory, and drift in the workbench.
5. Export or archive the JSON report artifact for downstream use.

The report artifact is the main contract boundary. MarlinSpike can review it in the workbench, but the report is also meant to travel with the team.

## Documentation trail

If you are new to the project, this is the recommended reading order after this page:

- **Operators:** [Deployment](/wiki/deployment.md). Environment variables, Docker Compose, reverse proxying, volumes, upgrades, and backup expectations.
- **Analysts:** [Architecture](/wiki/architecture.md). The five-stage analysis chain, protocol coverage, outputs, and the current standards-aligned detection story.
- **Developers:** [Repo family](/wiki/repo-family.md). How the suite repo is being split into authoritative component repos for engine, workbench, plugins, and Rust engines.
- **Extenders:** [Extensibility](/wiki/extensibility.md). Where new work belongs across Rust engines, Python plugins, and YAML rule packs.

The deployment page covers the full Docker, reverse proxy, data volume, upgrade, backup, and remote-host story from the checked-in install docs.

Source references: [README.md](https://github.com/eris-ot/marlinspike/blob/main/README.md) · [INSTALL.md](https://github.com/eris-ot/marlinspike/blob/main/INSTALL.md)
