Viewing Inventory of External Attack Surface Discovered Assets from the Inventory Tab

- Go to Inventory > Assets > All and click EASM from the TAGS group from the left pane. Alternatively, you can go to Inventory > Assets > All and enter tags.name:`EASM` in the search bar. You can see assets that are tagged with an EASM tag.

- Go to Inventory > Assets > Managed and click EASM from the TAGS group from the left pane. Alternatively, you can go to Inventory > Assets > Managed and enter tags.name:`EASM` in the search bar. You can see the managed assets that are already discovered by other Qualys inventory sources, such as IP Scanner. In the Sources column, apart from that other Qualys inventory source, you can also see EASM as the inventory source.

EASM Discovered Managed Assets

- Go to Inventory > Assets > Unmanaged and click EASM from the TAGS group from the left pane. Alternatively, you can go to Inventory > Assets >  Unmanaged and enter tags.name:`EASM`in the search bar. You can see the unmanaged assets that are discovered by EASM. In the Sources column, you can see EASM as the inventory source.

EASM Discovered Unmanaged Assets

Note: The 'Shodan' tag is retained but the 'EASM'  tag is added for all these discovered assets.

External Attack Surface Details of an Asset

After you click an asset, you are redirected to the 'Asset Details' page. From the left pane, click External Attack Surface to view the EASM details.

You can click the following tabs to find the External Attack Surface Details of that asset.

- DISCOVERY PATH: The asset IP shown can include multiple domains or subdomain. You can understand how the asset is attributed to your organization. The TruRisk Score for the asset is also shown. 

EASM Discovery Path

- EXTERNAL VULNERABILITIES: You can see the vulnerability data for that particular IP. The vulnerability data includes vulnerability name, vulnerability score that is shown in descending order, vulnerability type, such as Unverified and Verified, and vulnerability summary. The vulnerabilities shown in the CVE ID column are clickable. Upon clicking a particular vulnerability, you are pointed to the National Vulnerability Database, wherein detailed information about that vulnerability is mentioned.

EASM Asset Details External Vulnerabilities

- DNS DATA: You an see the DNS data for a particular IP.

EASM Asset Details DNS Data

- WHOIS DATA: You can see details about who created the asset, such as Creation date, Domain Name, Registrant email ID, Registrar, and so on.

EASM Asset Details WHOIS Data

- SSL: You can see the certificate details, such as whether it's valid, expired, or expiring.

Asset Details SSL

- OPEN PORTS: You can find the details about unsanctioned services, if any, such as SSH or RDP are running on the asset.

EASM Asset Details Open Ports

- APPLICATION STACK: You can see the details about if the asset is using any unapproved legacy application stack or the application stack you moved away from.

EASM Asset Details Application Stack