Configuring External Attack Surface Management (EASM)

Learn about the External Attack Surface Management (EASM) profile creation.

- User Roles - View and Edit EASM Profile

- How to Configure the EASM Profile

- EASM Profile Configuration Filter Criteria (details about the exclude and include filters and the optional settings)

Important to Know!

You can find detailed information about the Optional Settings in the EASM Profile Configuration Filter Criteria topic. Here is a brief description of the two optional settings.

- Add Internet-facing tagged assets to EASM discovery scan:

Use this optional setting to add Internet-facing tagged assets to the EASM discovery scan, in addition to the Organization, Domain, and other filter criteria. Your Internet-facing tagged assets, including scanned assets and Cloud Agent assets, are picked up as input to EASM. After the sync, you can see the External Attack Surface details on the "Asset Details" page.

- Enable EASM Scan:

Use this optional setting to start the EASM lightweight scan.


User Roles - View and Edit EASM Profile

The Configuration tab is shown to super users and to users assigned the Edit EASM Configuration and View EASM Configuration permissions. Super users can create and edit the EASM profile. They can also assign the Edit EASM Configuration and View EASM Configuration permissions to users with a specific user role, to restrict EASM profile management actions such as creating, viewing, editing, and deleting the EASM profile.

How to Configure the EASM Profile

Before the CSAM 2.18.0.0 release, you could create only one EASM profile for your subscription. With the CSAM 2.18.0.0 release, you can create multiple EASM profiles for your subscription.

For detailed information about the multiple EASM profiles, refer to the EASM Multiple Profiles - Overview topic.

1. Go to Configuration > EASM Configuration.

[Screenshot: EASM Configuration page]

2. Click Add Profile. The Manage Configurations page is displayed.

3. Create an EASM profile by configuring the filter criteria to discover externally exposed assets and hosts and manage your asset inventory. For more details about the filter criteria, refer to Filter Criteria in EASM Configuration.

[Screenshot: Configure filter criteria]

If you want to delete the EASM configuration and the EASM data, click Remove All.

4. After you add or update the proper filter criteria and select the required optional settings, click Save to discover assets in your inventory. You can also choose to save the profile as the default preference file by clicking Save as Default.

Note: If you edit the profile but want to disregard the changes, you can choose to Reset the changes to default. This option retains your original profile, and the changes made are not applied to it until you save the profile.

Once you validate and save your profile, your sync will start within a couple of hours. This sync automatically repeats after every two days. The sync time depends on the number of assets, and it varies from 2 to 6 hours.


Note:

- You can see the EASM discovery statuses on the EASM Configuration page, which gives you better insight into the EASM discovery progress. For more information, see EASM Discovery Statuses.

[Screenshot: EASM discovery statuses]

- Only the EASM assets from the latest three scans are retained. Assets that are not discovered in any of these scans are purged.

Once assets are discovered, they can be seen in the External Attack Surface tile on the Home page and on the Inventory tab.

[Screenshot: EASM Assets Discovered]

Good to know!

- If the configured maximum asset sync limit is reached for an EASM profile, a warning message is displayed.

For example, when the maximum limit of 1000 assets is reached, a warning message is displayed on the Assets discovered by EASM tile. To increase the asset limit of your EASM profile for the specific account, contact your Qualys TAM. After the asset limit is increased, the next sync shows the newly discovered assets and the warning message is no longer displayed.
