Configuring External Attack Surface Management (EASM)

Once EASM is activated for you, configure a profile to discover assets through EASM.

Note: If you currently use Shodan for visibility into your attack surface and want to upgrade from Shodan to EASM, refer to Upgrading Shodan to EASM.

You can configure the EASM profile either by clicking Configure Now from the banner or by clicking Configure from the Discover External Attack Surface tile.

1) From the Home page, navigate to Discover and Inventory > Expand your Inventory > Integrate with External Sources. Click Configure from the Discover External Attack Surface tile.


2) The "Activate External Attack Surface Monitoring (EASM)" window is shown. Click Configure Now.


3) Configure the filter criteria used to discover externally exposed assets and hosts, so that you can manage your asset inventory. For details about the filter criteria, refer to Filter Criteria in EASM Configuration.


After you add or update the filter criteria, click Save to discover assets in your inventory. Once you validate and save your filter, your sync starts within a couple of hours. The sync repeats automatically every two days. The sync time depends on the number of assets and varies from 2 to 6 hours.

Once assets are discovered, you can see them in the Assets discovered by EASM tile on the Home page and on the Inventory tab.


Upgrading from Shodan to EASM

1) From the Home page, navigate to Discover and Inventory > Expand your Inventory > Integrate with External Sources. Click Upgrade to EASM from the Assets visible on Shodan tile.


2) The "Upgrade to External Attack Surface Monitoring (EASM)" window is shown. Click Configure Now.


3) You are redirected to the 'Manage EASM Configurations' page.

Note:
- Your existing Shodan profile is automatically translated to the EASM profile. Review and confirm it, then click Save.
- When you upgrade from Shodan to EASM, assets that were imported from Shodan are first deleted and then shown again, but their asset IDs are changed.

Good to know!

- If you want to delete all EASM configurations and the EASM data, click Remove All.


- If the configured maximum asset sync limit is reached for an EASM profile, a warning message is displayed.

For example, if the maximum limit of 1000 assets is reached, a warning message is displayed on the Assets discovered by EASM tile. To increase the asset limit of your EASM profile for the specific account, contact Qualys TAM. After the asset limit is increased, the discovered assets appear in the next sync and the warning message is no longer shown.
