Filter Criteria in External Attack Surface Management (EASM) Configuration

Let's understand the filter criteria that enable you to discover hosts that are externally exposed.

When you configure EASM for the first time, verify the Organization and the Domain details.

Note:
- If you want to upgrade from Shodan to EASM and you already configured Shodan, the existing Shodan profile will be migrated to EASM.
- The wildcard is not supported for all seed and filter types. When you upgrade from Shodan to EASM, if there are any wildcards, you must remove them before saving the EASM profile.
- For a seed type domain, only Top-Level Domain (TLD) or Root domains are supported. Hence, when you upgrade from Shodan to EASM, if there are any subdomains, remove them before saving the EASM profile.

The Subsidiaries Enumeration and Horizontal Domain Enumeration checkboxes are selected by default and they are applicable for Organization and Domain seed type only.

Seed Type for Include

Filter Description Examples
Organization Name of the organization that owns the IP space. Note: The correct legal entity name should be the name of the organization. Google LLC
Domain Domain of the EASM assets. Note: Only the top-level domain is expected. google.com
IP/Netblock Alias for net filter string 34.120.218.237
Certification Subject Certificate cadz02.canadadz.com

 

Seed Type for Exclude

Filter Description Examples
Organization Name of the organization that owns the IP space. Note: The correct legal entity name should be the name of the organization. Google LLC
Domain/SubDomain Domain/SubDomain of the EASM assets. qualys.com/doc.qualys.com
IP/Netblock Alias for net filter string 34.120.218.237
City Name of the city Kansas City
Country 2-letter country code US

 

This is your Seed section Type and Value.

- Add Filters: If you click Add Filters, then the relation of the seed with the filters will be AND.

Type Filters

While adding the filter criteria, use the button to add multiple IPs and Cities or you can add the IPs or Cities in the same text boxes by using a semicolon-separated list. Select Country from the Country list by searching through a country name. When you select the country,  the 2-letter country code for that country is selected. Use the button to add multiple countries.  

Note: The Subsidiaries Enumeration and Horizontal Domain Enumeration checkboxes are selected by default. If you clear these checkboxes, then subsidiaries and horizontal domain enumeration are not included in the EASM configuration.

- Add Section: If you click Add Section, then a different section is added.

The filter section is given for each seed type.

- Add Exclusion: The Exclude section will be a AND operation with the Include section.

You can provide multiple values for all seed types by separating the values using a semicolon.

You can also exclude IP addresses from the EASM Discovery.