Insights (Assets tab)
Use the External Attack Surface > Insights > Assets tab to manage the assets that EASM is monitoring. The Default Workspace includes asset data from all workspaces. If you only want to see data for a specific workspace that you are a member of, select it from the Workspace list at the top.
When you add a seed, Ivanti’s internet exposure scanner will assess that seed’s attack surface, and the associated asset and exposure information will show on this page. Each seed that you add can only belong to a single workspace.
External Attack Surface pages in Ivanti Neurons will not show data initially. You first need to provide seed links to your organization's presence on the internet.
At the top of the page are your Assets tiles:
- Assets
- Active assets
- Monitored assets
- Unmonitored assets
- Cloud assets
- Name & mail servers
- SaaS assets
Selecting a blue number in an indicator applies a filter in the Assets list so it shows only those items. Select the filter button on a column header to see its selectable filters. The column chooser button
to the left of the search field lets you select which columns are visible.
Quick Filters at the top of the table provide additional filtering based on data gathered from your assets. The available selections within a quick filter depend on what EASM has detected in your assets. Quick filters work in combination with column filters. For more information, see Quick Filters.
To manage the assets that EASM is monitoring, ensure that you have Manage External Attack Surface Workspace permissions in Admin > Access Control, in the Attack Surface panel.
You can perform the following actions to manage your assets:
Adding seeds
To add a seed, click Add seed, select the Seed type, enter the Seed name, and select the Workspace you want the seed to be a part of. You can add multiple seeds to workspaces. The Workspace dropdown lists existing workspaces. To create a new one, type its name. You can create multiple workspaces. A yellow dropdown indicates a new workspace, while blue indicates an existing one.
You can add as many seeds as you need. Ivanti's exposure crawler uses the seed name to locate the internet resource you are adding. If the seed name is not resolvable, the exposure crawler will not be able to find it.
Moving assets between workspaces
Moving an asset to a different workspace also moves all dependent data and exposures associated with that asset. It can take a few minutes for the assets you selected to move.
Ensure that you have the Move asset(s) permission. Navigate to the External Attack Surface > Insights > Assets tab and select the assets you want to move. Then, click the Move assets button, choose a destination workspace that you are a member of, and enter a reason for the move.
Viewing notifications
Notifications are sent when you add, move, or delete a seed, initiate or complete the seed scan, or take longer than expected to complete the scan. They provide information about the successful completion or failure of these key operations. All notifications are listed in the Notification pane.
To view the notifications, click the notifications icon located at the top right of the Insights page.
Viewing asset details
Selecting an asset in the list takes you to the details page for that asset. This page includes information in these categories:
- External exposures: If available, exposure information. Select an item in the Observation column to see details about that exposure and a list of assets affected by it.
- Tech stacks: If available, the technology and software stacks detected on the asset.
- Who is: If available, whois record information for the domain associated with the asset, such as who owns it, contact information, and when it was registered.
Setting asset criticality
Use asset criticality to organize your assets by importance. Asset Criticality is a column in the assets table that you can filter. Asset criticality does not affect vulnerability scoring. It's purpose is to help you prioritize your assets while viewing the Assets page. 3 - Neutral is the default criticality for discovered assets.
Available criticality levels:
- 1 - Business Critical
- 2- Important
- 3 - Neutral
- 4 - Minor
- 5 - None
You can assign criticality on an individual asset by selecting it, which opens the asset details page. In the Criticality section, select Update. Select the criticality you want.
To assign a criticality to multiple assets, select the ones you want by checking the box next to them. Select Update Criticality at the top of the table and select the criticality you want.
Community scanner
The community scanner enhances vulnerability scanning by leveraging community-driven resources. It utilizes community-driven data to conduct more comprehensive vulnerability checks. It then uses this CPE data to identify and link to relevant Common Vulnerabilities and Exposures (CVEs), which helps create a more thorough and complete picture of a system's vulnerabilities.
The community scanner provides:
-
Advanced Scan Execution: The scanner will now be able to run more sophisticated Nuclei templates that require specific inputs, such as URLs or credentials. This allows for a deeper level of security assessment.
-
Richer Vulnerability Data: The system can automatically pull technology stack information (for example, product Vendor, version) and Common Platform Enumeration (CPE) data from within the scan results to enhance the accuracy of your technology inventory.
You can select the asset you want to scan and then select the Run Community Scan option from the Actions menu. In the Run Community Scan window, select the templates. The templates are categorized into three levels. for example, Cloud> AWS> ec2. The list of templates is displayed based on the cumulative choice. You can use the search to filter the template from the displayed list. Select the template and click Run Scan.
Exporting exposures list
Use the Export button to export the exposures list to Excel (.xslx) or text (.csv). Any column filters that are applied will also apply to the export.