Once EASM is activated for you, configure a profile to discover assets through EASM.
Note: If you are currently using Shodan to get visibility to the attack surface, and want to upgrade from Shodan to EASM, refer to Upgrading Shodan to EASM.
You can configure the EASM profile either by clicking Configure Now from the banner or by clicking Configure from the Discover External Attack Surface tile.
1) From the Home page, navigate to Discover and Inventory > Expand your Inventory > Integrate with External Sources. Click Configure from the Discover External Attack Surface tile.
2) The "Activate External Attack Surface Monitoring (EASM)" window is shown. Click Configure Now.
3) Configure the filter criteria to discover the externally exposed assets and hosts to manage your assets inventory. To know more details about the filter criteria, refer to Filter Criteria in EASM Configuration.
After you added or updated proper filter criteria, click Save to discover assets in your inventory. Once you validate and save your filter, your sync will start within a couple of hours. This sync automatically repeats after every two days. Once assets are discovered, you can see them in the Assets discovered by EASM tile on the Home page and on the Inventory tab.
1) From the Home page, navigate to Discover and Inventory > Expand your Inventory > Integrate with External Sources. Click Upgrade to EASM from the Assets visible on Shodan tile.
2) The "Upgrade to External Attack Surface Monitoring (EASM)" window is shown. Click Configure Now.
3) You are redirected to the 'Manage EASM Configurations' page.
Note: Your existing Shodan profile gets auto-translated to the EASM profile. Review and confirm and click Save.
- If you want to delete all EASM configurations and the EASM data, click Remove All.
- If configured max asset sync limit is reached for a EASM profile, a warning message is displayed.
Suppose the maximum limit of 1000 assets is reached, a warning message is displayed on the Assets discovered by EASM tile. To increase the asset limit of your EASM profile for the specific account, contact the Qualys TAM. After the asset limit is increased, in the next sync, you can see the discovered assets and the warning message will not be shown anymore.