ETM EASM Integration
The integration of Qualys External Attack Surface Management (EASM) with Enterprise TruRisk Management (ETM) allows security teams to connect web application vulnerability findings directly to the ETM platform. This integration enables security teams to view identified vulnerabilities as findings within ETM's unified risk management interface.
EASM provides an external view of your external-facing IT infrastructure to continuously monitor your organization's external attack surface and internet-connected assets, track changes, and receive notifications when new assets, unknown assets, or critical issues are found.
EASM allows you to continuously identify and assess the security and compliance gaps in your organization’s network.
By consolidating security findings from EASM into ETM, organizations gain a holistic view of their security posture across the enterprise. This comprehensive perspective allows for more effective risk management through a single interface.
The findings provide detailed information about each vulnerability, including the affected asset, severity, and current status. This crucial information assists security teams in prioritizing remediation efforts based on risk levels and the potential impact on the organization.
Accessing EASM findings directly within ETM helps security teams streamline their workflow, allowing them to address security issues more efficiently without the need to switch between multiple management interfaces.
Prerequisite
External Attack Surface Management (EASM) must be enabled for your subscription for implementing the EASM integration with ETM.
How Does the Integration Work?
The integration process follows these steps:
The system automatically ingests findings from EASM into ETM as a vulnerability.
After completing the integration, you can view and manage EASM findings within the ETM interface:
- Contact your TAM or support to enable your subscription for WAS.
- Run baseline for EASM to ingest existing EASM data in ETM.
The ETM automatically ingests findings from EASM into vulnerabilities.
The integration ensures data synchronization between systems for current security posture information in ETM for effective risk management.
View Assets and Findings in ETM
- Navigate to Risk Management > Findings > Vulnerabilities to access the consolidated view of security posture findings.
- To filter specifically for EASM findings, use the QQL query syntax:
finding.vendorProductName: EASM. -
To view details about vulnerability, click View Details from the Quick Actions menu of the selected vulnerability.
You can view various details in different tabs.
Summary
The Summary page has different details, such as Basic Details, Description, and asset Information. Cards like Exploits, Patches, and Malware. The Basic Details include details such as the Finding ID, the Type Detected, and whether it has been Confirmed. Information about Sources is available, along with the last-detected and first-detected dates.
QDS Details
The Qualys Detection Score (QDS) Details include Contributing Factors for Qualys Detection Score. Additional Insights such as Technical Attributes, Temporal Attributes, Trending, and Remediation.
Detection Details
The Detection Details page displays Parameters, Payloads, Payload Details, Rationale (Detection Logic), Impact, Recommendations / Remediation Guidance.
Exploitability
The Exploitability page lists known exploits for this vulnerability available from third-party vendors and/or publicly available sources.
Patches
A list of patches available for the vulnerability. Currently, this feature is not available.
Malware
The Associated Malware pages display a list that includes Malware ID, type, Platform, and Risk.
Sources
The Sources page displays details like Title, CVE ID, Status, Category, Sources, Last Detected, First Detected, Port, and Finding Id. Source Records shows a list that includes source, Title, Status, first detected, and last detected.
