Viewing Inventory of External Attack Surface Discovered Assets from the EASM Tab

The EASM tab is specifically designed to highlight the metadata of externally exposed assets, such as domains, subdomains, ports, and so on.

From the EASM tab, you can find detailed information about the externally exposed assets that facilitate you to take desired actions on these assets.

Asset Inventory from EASM tab

(1)  On the Newly Discovered tile, you can see the newly discovered externally exposed assets from the latest scan. 
(2)  On the EOL/EOS Software tile, you can see the count of EOL and EOS software for externally exposed assets. Upon clicking the EOL/EOS count, you are navigated to Inventory > Software

EOL and EOS Software Count from Inventory Tab

- The counts on the Newly Discovered and EOL/EOS Software tiles are shown based on the days, hours, or days range option that you select. These counts don’t change until you change the option that you selected. 

See the following screen capture that shows the changed count on the Newly Discovered tile after changing the filter option.

Static EOL and EOS Software Count
- Also, the counts don’t change though you run any QQL.

(3)  TruRisk Score: You can see the TruRisk Score for assets on which vulnerabilities are detected. 

Asset Risk Score for Assets

Note: When you see asset details of an individual asset that is exposed to vulnerabilities, on the ‘Asset Summary’ page, you can see the TruRisk Score for that asset.

Asset Summary page

In the case of externally exposed unmanaged assets, when you click the TruRisk Score count, you are navigated to the TruRisk Score page. You can see the TruRisk Score and its contributing factors, and a detailed summary of vulnerabilities detected.

TruRisk tab Asset Detail Page

When you click the QVS count from the Vulnerabilities summary, you can see the Qualys Vulnerability Score (QVS) Details for that QVS.

Alternatively, you can click the External Attack Surface tab to see a summary of vulnerabilities detected for an asset. 

EAMS External Vulnerabilities

(4)  Open Ports: You can see the protocol type and count of open ports for the externally exposed assets.
(5)  Hosting: You can see the hosting providers’ names.
(6)  Domain: You can see domain and subdomain details of the externally exposed assets.
(7)  EASM-specific quick filters: In the left pane, you can see the EASM-specific quick filters, such as HOSTING, ORG/SUBSIDIARY, and TAGS.

Note: The inventory of externally exposed assets gets refreshed after every 48 hours.