- Go to Inventory > Assets > All and click EASM from the TAGS group from the left pane. Alternatively, you can go to Inventory > Assets > All and enter tags.name:`EASM` in the search bar. You can see assets that are tagged with an EASM tag.
- Go to Inventory > Assets > Managed and click EASM from the TAGS group from the left pane. Alternatively, you can go to Inventory > Assets > Managed and enter tags.name:`EASM` in the search bar. You can see the managed assets that are already discovered by other Qualys inventory sources, such as IP Scanner. In the Sources column, apart from that other Qualys inventory source, you can also see EASM as the inventory source.
- Go to Inventory > Assets > Unmanaged and click EASM from the TAGS group from the left pane. Alternatively, you can go to Inventory > Assets > Unmanaged and enter tags.name:`EASM`in the search bar. You can see the unmanaged assets that are discovered by EASM. In the Sources column, you can see EASM as the inventory source.
After you click an asset, you are redirected to the 'Asset Details' page. From the left pane, click External Attack Surface to view the EASM details.
You can click the following tabs to find the External Attack Surface Details of that asset.
- DISCOVERY PATH: The asset IP shown can include multiple domains or subdomain. You can understand how the asset is attributed to your organization.
- EXTERNAL VULNERABILITIES: You can see the vurnerability data for that particular IP. The vulnerability data includes vulnerability name, vulnerability score that is shown in the descending order, vulnerability type, such as Unverified and Verified, and vulnerability summary.
- DNS DATA: You an see the DNS data for a particular IP.
- WHOIS DATA: You can see details about who created the asset, such as Creation date, Domain Name, Registrant email ID, Registrar, and so on.
- SSL: You can see the certificate details, such as whether it's valid, expired, or expiring.
- OPEN PORTS: You can find the details about unsanctioned services, if any, such as SSH or RDP are running on the asset.
- APPLICATION STACK: You can see te details about if the asset is using any unapproved legacy application stack or the application stack you moved away from.
