Skip to main content

EASM Inventory

The EASM Inventory page provides a highly customizable grid that displays a list of all discovered assets, services and potential vulnerabilities that are accessible from the internet.

This page contains the following areas:

EASM_inventory_page_582223_en.png
  1. The Smart views panel toggle button. This feature allows you to customize, save, and switch between different loadouts of the EASM Inventory page.

    EASM_inventory_smart_view_582223_en.png

    The panel has the following sections:

    • All assets - Displays all assets in the company's network, providing a comprehensive view of all discovered entities.

    • ASN information - Shows details related to Autonomous System Numbers (ASN), which represent collections of IP networks managed by one or more network operators.

    • Certificates - Security certificates found within the network, including details on issuer, expiration, and validity.

    • IP information - Displays all IP addresses discovered in the company's network, including both IPv4 and IPv6 addresses.

    • Emails - Shows all email addresses discovered within the network, useful for identifying potential points of contact or targets for phishing attacks.

    • Domains - Lists all domain names discovered in the company's network, aiding in the identification of owned or potentially malicious domains.

    • DNS records - Displays all discovered DNS records, providing insights into domain configurations, associated IP addresses, and potential misconfigurations.

    • Services - Shows all discovered services running on the network, including web servers, mail servers, and other critical services.

    For any view in the Saved or Favorites category, you can click ellipses.PNG to Rename or Delete the view.

  2. The View options menu. This section provides you with multiple functions for working with views:

    • Save: use this option to save changes you make to a saved view.

    • Save as: allows you to save a modified view under a different name.

    • Discard changes: reverts the saved view to its original state.

    • Add to favorites: adds the view to the Favorites category.

    • Show or hide filters - hide or display the filters menu.

    • Open settings - Displays the Settings panel.

      You can use this panel to customize what columns are displayed in the view and enable or disable the Compact view.

  3. The Scan configuration button. The button provides you perform, configure, and schedule scans that detect new assets or changes to previously detected ones. For more information, refer to Configure, run, or schedule scans.

  4. The Include in scan button.

  5. The Exclude from Scan button.

  6. The Filters section. You can use these options to customize the incidents that are displayed in the below grid.

    The following filters are currently available:

    Filtering option

    Details

    Company

    Select a company from the list of all managed companies with valid XDR licenses.

    Only incidents originating from the selected company are displayed.

    Asset name

    Select one or more of the names of the specific assets you want to display.

    Only the selected assets are displayed.

    Asset type

    Select one or more of the following asset types:

    • ASN reports - An asset detailing Autonomous System Numbers (ASNs), which represent collections of IP networks managed by one or more network operators.

    • Certificates - Provides information on security certificates found within the network, including details on the issuer, expiration dates, and validity.

    • Domain - Represents a domain of the company that is publicly exposed to the internet.

    • Similar domain - A domain that closely resembles another domain name, and may be used to identify potential typosquatting or phishing domains.

    • DNS record - A record in the Domain Name System (DNS) that maps domain names to various types of data, such as IP addresses, mail servers, or other services.

    • IP block - A range of IP addresses assigned to a network or an organization, often used for routing and identification purposes.

    • IPv4 - An IPv4 address exposed to the internet

    • IPv6 - An IPv6 address exposed to the internet

    • Email - Email addresses used by the company that are are publicly exposed to the internet.

    • Service - A service exposed to the internet.

    • Name server - A server that provides responses to queries against a directory service, mapping domain names to IP addresses.

    Only assets of the selected type are displayed.

    Asset status

    Select one or more of the following asset statuses:

    • No action taken

    • Include in next scan

    • Exclude from scan

    Only assets of the selected status are displayed.

    Email

    Type in a complete or partial email address for the asset you are looking for.

    Only assets with matching email addresses are displayed.

    Domain

    Type in a complete or partial domain for the asset you are looking for.

    Only assets with matching domains are displayed.

    IP

    Type in a complete or partial IP for the asset you are looking for.

    Only assets with matching IPs are displayed.

    Country

    Type in the country for the assets you are looking for.

    Only assets associated with the entered country are displayed.

    Operator

    Type in the operator for the assets you are looking for.

    Only assets associated with the entered operator are displayed.

    ID

    Type in a complete or partial ID number for the asset you are looking for.

    Only assets with matching IDs are displayed.

    Issuer CA ID

    Type in a complete or partial Issuer CA ID for the asset you are looking for.

    Only assets with matching IDs are displayed.

    Issuer name

    Type in a complete or partial name for the asset you are looking for.

    Only assets with issuer names are displayed.

    Expiration status

    Filter by the expiration status of the assets.

    Select one or more of the expiration statuses from the list.

    Only assets with the selected expiration status are displayed.

    Valid from

    Filter by the start date of the asset's validity period.

    Only assets valid from the specified date are displayed.

    Valid until

    Filter by the end date of the asset's validity period.

    Only assets valid until the specified date are displayed.

    Serial number

    Type in the serial number of the asset you are looking for.

    Only assets with matching serial numbers are displayed.

    Record type

    Type in a complete or partial record type for the asset you are looking for.

    Only assets with the selected record type are displayed.

    Mail server

    Type in the mail server associated with the asset you are looking for.

    Only assets with matching mail servers are displayed.

    Name server

    Type in the name server associated with the asset you are looking for.

    Only assets with matching name servers are displayed.

    CNAME

    Type in the canonical name (CNAME) associated with the asset you are looking for.

    Only assets with matching CNAMEs are displayed.

    Port

    Type in the port number associated with the asset you are looking for.

    Only assets with matching port numbers are displayed.

    Protocol

    Type in the protocol associated with the asset you are looking for.

    Only assets with matching protocols are displayed.

    CVEs

    Type in the Common Vulnerabilities and Exposures (CVEs) associated with the asset you are looking for.

    Only assets with matching CVEs are displayed.

    Vulnerable to zone transfer

    Indicate if the asset is vulnerable to zone transfer.

    Only assets with the specified vulnerability status are displayed.

    Related to

    Select an incident from the drop-down list.

    Only assets related to the selected incident are displayed.

  7. The Inventory Grid. The grid displays all discovered assets that conform to the currently applied filter.

    The information available for each incidents is displayed under the following columns:

    • Company - The name of the company where the asset was discovered.

      Select the checkbox next to each incident number to include the incident when performing an Include in scan or Exclude from scan bulk action.

    • Asset name - The name of the asset.

    • Asset type - The type of the asset.

    • Asset status - The current status of the asset.

    • Email - The email address associated with the asset.

    • Domain - The domain name associated with the asset.

    • IP - The IP address associated with the asset.

    • Country - The country where the ASN asset is located.

    • Operator - The operator responsible for the asset.

    • ID - The unique identifier for the asset.

    • Issuer CA ID - The Certificate Authority ID that issued the asset's certificate.

    • Issuer name - The name of the issuer of the asset's certificate.

    • Expiration status - The expiration status of a certificate type asset.

    • Valid from - The start date of a certificate asset's validity period.

    • Valid until - The end date of a certificate asset's validity period.

    • Serial number - The serial number of the asset's certificate.

    • Record type - The type of DNS record associated with the asset.

    • Mail server - The mail server associated with the asset.

    • Name server - The name server associated with the asset.

    • CNAME - The canonical name (CNAME) associated with the asset.

    • Vulnerable to zone transfer - Indicates if the asset is vulnerable to DNS zone transfer attacks.

    • Port - The port number associated with the Service type asset.

    • Protocol - The protocol used by the Service type asset.

    • CVEs - The Common Vulnerabilities and Exposures (CVEs) associated with the asset.

    Note

    More details regarding the information in each column are available type in the Filters section.

Managing assets

In the EASM Inventory page, you can perform the following actions:

View asset details

To display additional information regarding any specific asset, click anywhere on the row belonging to the asset you want to view:

EASM_inventory_view_asset_582223_en.png

Different information will be displayed, depending on the type of asset displayed.

Click the View related assets button to change the filters on the EASM Inventory page to only display assets related to the one currently being displayed.

To make sure you have an up to date asset overview, you should schedule frequent scans to look for new assets or changes to previously detected ones.

All scans will take into consideration the name of your company when looking for assets. Known domains such as google.com are excluded from scanning.

Note

By scanning these assets, you acknowledge that Bitdefender may utilize public internet services (referred in the EASM chapter from the Data Collection Policy) to gather additional publicly available information related to these assets. For additional details on the personal data processed for your company through the Bitdefender EASM service, please refer to the Data Collection Policy for GravityZone Cloud. This information is available upon request from your Account Manager or Enterprise Support.

To do this, follow the steps below:

  1. Click on the Scan configuration button.

    The Scan configuration page is displayed.

    EASM_scan_schedule_582223_en.png
  2. Under the Scheduler section, configure the frequency of automated scans:

    • Recurrence - select the frequency of scans.

      Currently, Weekly is the only available option. This option performs a scan every week, on a set day and time.

    • On the following day - Select the day of the week the scan is to be performed.

    • Start time - Select the time when the scan is to be performed.

  3. Under the Scan list tab, manage the list of assets you want to be included in the next scan.

  4. Under the Scan exclusions tab, manage the list of assets you don't want to be included in the next scan.

  5. Click Save to save changes or Save and scan to also run a scan now.

    Note

    You can only run one on-demand scan per day.

Include assets in scans

This feature allows you flag certain assets and add them to the Scan list. When an asset is added to this list, it will always be included in scans.

To add assets to the Scan list follow these steps:

  1. Select the assets you want to add by selecting the corresponding checkboxes next to the Asset name column.

  2. Click the Include in scan button.

    A toast message will appear indicating if the request was successful.

Note

Only the following asset types can be added to scan lists:

  • IPv4

  • IPv6

  • IP Block

  • Email

  • Domain

  • ASN reports

Alternatively, you can add assets to the Scan list from the Scan configuration window.

Exclude assets from scans

You can use this feature to flag assets and add them to a list. All assets in this list will not be included in scans and will now be taken into consideration when compiling data for the EASM Dashboard page.

To add assets to the Scan list follow these steps:

  1. Select the assets you want to add by selecting the corresponding checkboxes next to the Asset name column.

  2. Click the Exclude from scan button.

    A toast message will appear indicating if the request was successful.

Alternatively, you can exclude assets to the Scan list from the Scan configuration window.