Configuring External Attack Surface Management (EASM)

A super user can configure an EASM profile to discover assets through EASM.

Note: If you currently use Shodan for visibility into the attack surface and want to upgrade from Shodan to EASM, refer to Upgrading from Shodan to EASM.

1) From the Home page, navigate to Discover and Inventory > Expand your Inventory > Integrate with External Sources. Click Manage Configuration from the External Attack Surface tile. Alternatively, you can configure the EASM profile by clicking Manage Configuration from the banner. You are taken to the Configuration tab.

Note: The Configuration tab is shown to super users only.

2) Configure the filter criteria to discover the externally exposed assets and hosts to manage your asset inventory. For more details about the filter criteria, refer to Filter Criteria in EASM Configuration.

Configure filter criteria

After you add or update the filter criteria, click Save to discover assets in your inventory. Once you validate and save your filter, your sync will start within a couple of hours. The sync then repeats automatically every two days. The sync time depends on the number of assets and varies from 2 to 6 hours.

Note: Only EASM assets from the latest three scans are shown. Assets that are not discovered in these scans are purged.

Once assets are discovered, you can see them in the External Attack Surface tile on the Home page and on the Inventory tab.

EASM Assets Discovered

Upgrading from Shodan to EASM

If you already activated and configured Shodan, you can upgrade from Shodan to EASM.

Note: The Shodan activation is not supported for new users with a trial or paid subscription. Hence, the Assets Visible on Shodan tile is no longer shown on the Home Page.

1) From the Home page, navigate to Discover and Inventory > Expand your Inventory > Integrate with External Sources. Click Upgrade to EASM from the Assets visible on Shodan tile.

Assets visible on Shodan

2) The "Upgrade to External Attack Surface Monitoring (EASM)" window is shown. Click Configure Now.

Upgrade for EASM

3) You are redirected to the Configuration tab, and you can now configure EASM.

Note:
- Your existing Shodan profile is automatically translated to the EASM profile. Review and confirm it, then click Save.
- When you upgrade from Shodan to EASM, assets that were imported from Shodan are first deleted and then shown again, but their asset IDs are changed.

Existing Shodan profile

Good to know!

- If you want to delete all EASM configurations and the EASM data, click Remove All.

- If the configured maximum asset sync limit is reached for an EASM profile, a warning message is displayed.

For example, if the maximum limit of 1000 assets is reached, a warning message is displayed on the Assets discovered by EASM tile. To increase the asset limit of your EASM profile for the specific account, contact Qualys TAM. After the asset limit is increased, the discovered assets appear in the next sync and the warning message is no longer shown.
