{"id":5641,"date":"2022-10-13T20:31:33","date_gmt":"2022-10-13T18:31:33","guid":{"rendered":"https:\/\/jeffreyappel.nl\/?p=5641"},"modified":"2023-07-27T23:14:34","modified_gmt":"2023-07-27T21:14:34","slug":"how-to-use-microsoft-defender-easm-external-attack-surface-management","status":"publish","type":"post","link":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/","title":{"rendered":"How to use Microsoft Defender EASM (External Attack Surface Management)"},"content":{"rendered":"\n<p><strong>Microsoft released a new product with the name; Microsoft Defender EASM (External Attack Surface Management). The new product is based on the earlier products\/ technology from the RiskIQ acquisition. Defender EASM is a new product in the Defender stack to provide an external view of the Attack Surface of internet-exposed assets<\/strong>. <\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong><strong>Blog information: <br><\/strong><br><\/strong>Blog published: October 13, 2022<br>Blog latest updated: October 14, 2022<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What is Defender EASM<\/h2>\n\n\n\n<p>Microsoft Defender External Attack Surface Management (Defender EASM)&nbsp;continuously discovers the digital attack surface to provide a view that is externally based on the online (internet-exposed) devices. <\/p>\n\n\n\n<p>Defender EASM used the crawling technology part of the Microsoft infrastructure to discover assets related to online infrastructure, the technology actively scans to discover more insights and detects weak points. Data is based on the security graph and additional sources. <\/p>\n\n\n\n<p>Defender EASMS discovers the following assets; (currently supported) <\/p>\n\n\n\n<ul>\n<li>Domains<\/li>\n\n\n\n<li>Hostnames<\/li>\n\n\n\n<li>Web Pages<\/li>\n\n\n\n<li>IP Blocks<\/li>\n\n\n\n<li>IP Addresses<\/li>\n\n\n\n<li>ASNs<\/li>\n\n\n\n<li>SSL Certificates<\/li>\n\n\n\n<li>WHOIS Contacts<\/li>\n<\/ul>\n\n\n\n<p>All the above assets are used as a &#8216;seed&#8217; to search through publicly available information. The biggest advantage is the combination with other data sources for calculating the Attack Surface Priorities\/ Security Posture\/ GDPR Compliance and OWASP. <\/p>\n\n\n\n<p>With the use of this visibility, security and IT teams may recognize unknowns and gives visibility in the risk\/ vulnerability scope and exposure control outside of the corporate firewalls. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is the cost<\/h3>\n\n\n\n<p>For each resource, there is a 30-day free trial. After 30 days the price is $0.011 asset\/day. For smaller companies, not a big deal. For larger companies\/ enterprises, the EASM service can be quite expensive when you have millions of assets. <\/p>\n\n\n\n<p>More information for the official pricing; &nbsp;<a href=\"https:\/\/azure.microsoft.com\/en-us\/pricing\/details\/defender-external-attack-surface-management\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/azure.microsoft.com\/en-us\/pricing\/details\/defender-external-attack-surface-management\/<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Privacy and publicly available information<\/h3>\n\n\n\n<p>Microsoft Defender External Attack Surface Management contains global data. The pre-created attack surfaces from many organizations are available and can be added without any proof of ownership. <\/p>\n\n\n\n<p>EASM can be abused by people with bad intentions. As already mentioned by <a href=\"https:\/\/derkvanderwoude.medium.com\/introduction-into-microsoft-defender-easm-external-attack-surface-management-3fdee6ccf256\">Derk van der Woude | Medium<\/a>, some sort of proof of ownership (TXT, Cname, Domains in Azure) would be nice in the future to prevent abused insights.  <\/p>\n\n\n\n<p>Microsoft shares the following; <\/p>\n\n\n\n<blockquote class=\"wp-block-quote\">\n<p><em>For security purposes, Microsoft collects users&#8217; IP addresses when they log in. This data is stored for up to 30 days but may be stored longer if needed to investigate potential fraudulent or malicious use of the product.<\/em><\/p>\n<cite><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/#data-residency-availability-and-privacy\">Microsoft Learn<\/a><\/cite><\/blockquote>\n\n\n\n<p>More information: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/#data-residency-availability-and-privacy\">Data residency, availability and privacy<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">How to create Microsoft Defender EASM<\/h2>\n\n\n\n<p>First, we need to configure Microsoft Defender EASM via Azure. Go to <strong>Azure<\/strong> and search for <strong>Microsoft Defender EASM<\/strong>. <\/p>\n\n\n\n<p>For the creation select the <strong>subscription<\/strong> and <strong>resource group<\/strong>. For the instance details configure the <strong>name<\/strong> and <strong>region<\/strong>. The name is the custom instance name of Defender EASM. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"718\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-53-1024x718.png\" alt=\"\" class=\"wp-image-5646\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-53-1024x718.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-53-300x210.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-53-768x538.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-53-585x410.png 585w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-53.png 1303w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Region: <\/strong>Currently only the following regions are supported for Defender EASM:<\/p>\n\n\n\n<ul>\n<li>southcentralus<\/li>\n\n\n\n<li>westus3<\/li>\n\n\n\n<li>eastus<\/li>\n\n\n\n<li>eastasia<\/li>\n\n\n\n<li>swedencental<\/li>\n\n\n\n<li>Australieast<\/li>\n\n\n\n<li>japaneast<\/li>\n<\/ul>\n\n\n\n<p>When the provided location is not supported &#8211;  the following error is visible during the resource creation; <\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>The provided location 'westeurope' is not available for resource type 'Microsoft.Easm\/workspaces'. List of available regions for the resource type is 'southcentralus,westus3,eastus,eastasia,swedencentral,australiaeast,japaneast'. (Code: LocationNotAvailableForResourceType)<\/code><\/pre>\n\n\n\n<p>New Defender EASM resources start with a 30-day trial. After the trial period,&nbsp;the normal pricing is counted for Defender EASM. <\/p>\n\n\n\n<p>After the creation of the resource, the EASM instance is visible in the Defender EASM view in Azure with the configured instance name. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"330\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-54-1024x330.png\" alt=\"\" class=\"wp-image-5647\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-54-1024x330.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-54-300x97.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-54-768x248.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-54-1536x496.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-54-585x189.png 585w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-54.png 2018w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>There is the option to combine data from different sources in one single instance. Personally, I would split the data and divide it into different resources &#8211; with the reason; visibility of data and the correct security exposure. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Use pre-created inventory<\/h3>\n\n\n\n<p>Microsoft maintains an inventory of internet-facing devices and services. From the list, multiple pre-built organization profiles are available. <strong>Search the company name (1); <\/strong>when not exists in the list click on <strong>Create a custom attack surface (2)<\/strong>. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"559\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-56-1024x559.png\" alt=\"\" class=\"wp-image-5649\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-56-1024x559.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-56-300x164.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-56-768x419.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-56-1536x839.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-56-2048x1118.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-56-585x319.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>When the <strong>organization name<\/strong> is available select the organization and click <strong>Start Attack Surface discovery<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"396\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-57-1024x396.png\" alt=\"\" class=\"wp-image-5650\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-57-1024x396.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-57-300x116.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-57-768x297.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-57-1536x593.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-57-2048x791.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-57-585x226.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Use custom attack surface profile<\/h3>\n\n\n\n<p>Organization not available in the list of pre-built attack surfaces? Click on; <strong>Create a custom attack surface<\/strong>. Recommended is to start with a single domain &#8211; after the initial creation, more seeds can be entered. <\/p>\n\n\n\n<p>The following seeds can be configured: <\/p>\n\n\n\n<ul>\n<li>Domain<\/li>\n\n\n\n<li>IP Blocks  <\/li>\n\n\n\n<li>Hosts<\/li>\n\n\n\n<li>Email Contacts<\/li>\n\n\n\n<li>ASNs<\/li>\n\n\n\n<li>Whois Organizations<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"599\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-59-1024x599.png\" alt=\"\" class=\"wp-image-5652\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-59-1024x599.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-59-300x175.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-59-768x449.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-59-1536x898.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-59-2048x1198.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-59-585x342.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Click <strong>Next <\/strong>and confirm the custom Attack Surface configuration and configured seeds. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-60-1024x447.png\" alt=\"\" class=\"wp-image-5653\" width=\"760\" height=\"331\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-60-1024x447.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-60-300x131.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-60-768x335.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-60-1536x671.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-60-2048x894.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-60-585x255.png 585w\" sizes=\"(max-width: 760px) 100vw, 760px\" \/><\/figure>\n\n\n\n<p>After the confirmation, it takes <strong>24-48 hours<\/strong> before the attack surface profile is created. Microsoft scans the available security graph with the seed as input and creates associations based on the inventory and relations combined with other data (CVE, Threat insights, Asset types)<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"583\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-61-1024x583.png\" alt=\"\" class=\"wp-image-5654\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-61-1024x583.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-61-300x171.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-61-768x437.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-61-1536x875.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-61-2048x1166.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-61-585x333.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Discovery technology<\/h2>\n\n\n\n<p>The discovery technology searches recursively for connectors to known legitimate assets. Microsoft included externally facing assets that are exposed to the open internet outside of the traditional network components based on the following order; <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"186\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-62-1024x186.png\" alt=\"\" class=\"wp-image-5655\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-62-1024x186.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-62-300x55.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-62-768x140.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-62-585x106.png 585w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-62.png 1225w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>When the data is visible there are a couple of assets visible which are categorized in states. The following states are available: (Source: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/understanding-inventory-assets#asset-states\">Microsoft<\/a>)<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>State name<\/th><th>Description<\/th><\/tr><\/thead><tbody><tr><td>Approved Inventory<\/td><td>A part of your owned attack surface; an item that you are directly responsible for.<\/td><\/tr><tr><td>Dependency<\/td><td>Infrastructure that is owned by a third party but is part of your attack surface because it directly supports the operation of your owned assets. For example, you might depend on an IT provider to host your web content. While the domain, hostname, and pages would be part of your \u201cApproved Inventory,\u201d you may wish to treat the IP Address running the host as a \u201cDependency.\u201d<\/td><\/tr><tr><td>Monitor Only<\/td><td>An asset that is relevant to your attack surface but is neither directly controlled nor a technical dependency. For example, independent franchisees or assets belonging to related companies might be labeled as \u201cMonitor Only\u201d rather than \u201cApproved Inventory\u201d to separate the groups for reporting purposes.<\/td><\/tr><tr><td>Candidate<\/td><td>An asset that has some relationship to your organization&#8217;s known seed assets but does not have a strong enough connection to immediately label it as \u201cApproved Inventory.\u201d These candidate assets must be manually reviewed to determine ownership.<\/td><\/tr><tr><td>Requires Investigation<\/td><td>A state similar to the \u201cCandidate\u201d states, but this value is applied to assets that require manual investigation to validate. This is determined based on our internally generated confidence scores that assess the strength of detected connections between assets. It does not indicate the infrastructure&#8217;s exact relationship to the organization as much as it denotes that this asset has been flagged as requiring additional review to determine how it should be categorized.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Available data<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"477\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-63-1024x477.png\" alt=\"\" class=\"wp-image-5656\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-63-1024x477.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-63-300x140.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-63-768x358.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-63-1536x715.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-63-2048x953.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-63-585x272.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>After some time the data is visible in the EASM resource instance. When data is loaded the overview page shows the count for each asset. EASM contains the following tabs:<\/p>\n\n\n\n<ul>\n<li><strong>Overview:<\/strong> General dashboard with all information<\/li>\n\n\n\n<li><strong>General &#8211; inventory:<\/strong> Overview of all discovered assets<\/li>\n\n\n\n<li><strong>Dashboards:<\/strong> Pre-created dashboards<\/li>\n\n\n\n<li><strong>Manage &#8211; Discovery<\/strong>: Configuration of the discovery profile<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Overview<\/h3>\n\n\n\n<p>The Overview tab&#8221;provides additional insights and gives a quick insight into all available data; Assets, Attack Surface Priorities, Software Based CVSS distribution, and Assets by state:<\/p>\n\n\n\n<p><strong>Assets + Atack Surface Priorities:<\/strong> Shows Attack Surface Priorities for high-severity observations, medium observations, and low-security observations. Data is matched with publicly available CVE data. For example (CVE-2022-41082 &amp; CVE-2022-41040). When clicking on the count the related assets are directly visible. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"504\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64-1024x504.png\" alt=\"\" class=\"wp-image-5657\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64-1024x504.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64-300x148.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64-768x378.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64-1536x756.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64-2048x1008.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64-585x288.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Software-based CVSS Distribution<\/strong>: Summary of the assets and CVSS distribution framework. The score is ranged between 0-10 where 10 is critical. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"304\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-65-1024x304.png\" alt=\"\" class=\"wp-image-5658\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-65-1024x304.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-65-300x89.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-65-768x228.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-65-1536x456.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-65-2048x608.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-65-585x174.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Assets by state<\/strong>: Asset breakdown in the available states. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"122\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-66-1024x122.png\" alt=\"\" class=\"wp-image-5659\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-66-1024x122.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-66-300x36.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-66-768x91.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-66-1536x183.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-66-2048x244.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-66-585x70.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Inventory<\/h3>\n\n\n\n<p>The inventory page contains the full list of all discovered assets part of the configured seeds. Assets can be searched, removed, or modified (state). <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-67-1024x589.png\" alt=\"\" class=\"wp-image-5660\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-67-1024x589.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-67-300x173.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-67-768x442.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-67-1536x883.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-67-2048x1178.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-67-585x336.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Dashboards<\/h3>\n\n\n\n<p>Currently, there are 4 build-in reports available:<\/p>\n\n\n\n<ul>\n<li>Attack Surface Summary<\/li>\n\n\n\n<li>Security Posture<\/li>\n\n\n\n<li>GDPR Compliance<\/li>\n\n\n\n<li>OWASP Top 10<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"396\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-68-1024x396.png\" alt=\"\" class=\"wp-image-5661\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-68-1024x396.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-68-300x116.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-68-768x297.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-68-1536x595.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-68-2048x793.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-68-585x226.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>Attack Surface Summary<br><\/strong>Attack Surface Summary provides a high-level overview of the Attack Surface-based on priorities\/ composition, Cloud technology, Sensitive Services, SSL\/ Domain expiration, and IP Reputation. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"898\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-69-1024x898.png\" alt=\"\" class=\"wp-image-5662\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-69-1024x898.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-69-300x263.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-69-768x673.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-69-1536x1347.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-69-585x513.png 585w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-69.png 1624w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>More information: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/understanding-dashboards#attack-surface-summary\">Attack Surface Summary | Microsoft Docs<\/a><\/p>\n\n\n\n<p><strong>Security Posture<\/strong><\/p>\n\n\n\n<p>Based on metadata from discovered assets the posture is filled-in. This dashboard provides insight into CVE exposure, domain administration, and configuration, hosting and networking, open ports, and SSL certificate configuration.<\/p>\n\n\n\n<p>Interesting values are the domain configuration and Open Ports for each category (Ephemeral Ports, System Ports, Remote Access, Registered Ports, web Servers, Database Servers, Network Equipment, and Internet of Things). <\/p>\n\n\n\n<p>SSL configurations contain the used certificate ( SHA1\/ MD5 or expired) <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"1006\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-70-1024x1006.png\" alt=\"\" class=\"wp-image-5663\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-70-1024x1006.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-70-300x295.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-70-768x755.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-70-1536x1510.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-70-80x80.png 80w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-70-585x575.png 585w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-70.png 1626w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>More information: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/understanding-dashboards#security-posture-dashboard\">Security Posture dashboard | Microsoft Docs<\/a><\/p>\n\n\n\n<p><strong>GDPR Compliance<\/strong><\/p>\n\n\n\n<p>The GDPR compliance dashboard presents an analysis of assets in the confirmed inventory against GDPR controls. Part of the dashboard; <\/p>\n\n\n\n<ul>\n<li>Website by status<\/li>\n\n\n\n<li>SSL Certificate Posture<\/li>\n\n\n\n<li>SSL Certificate Expiration<\/li>\n\n\n\n<li>Sites with SHA 1 \/ SHA256<\/li>\n\n\n\n<li>P11 Posture<\/li>\n\n\n\n<li>Login posture<\/li>\n\n\n\n<li>Cookie posture<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"350\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-72-1024x350.png\" alt=\"\" class=\"wp-image-5665\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-72-1024x350.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-72-300x103.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-72-768x262.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-72-1536x525.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-72-2048x700.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-72-585x200.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>More information: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/understanding-dashboards#gdpr-compliance-dashboard\">GDPR compliance dashboard<\/a><\/p>\n\n\n\n<p><strong>OWASP Top 10<\/strong><\/p>\n\n\n\n<p>The OWASP Top 10 dashboard is designed to provide insight into the most critical security recommendations designated by OWASP for web application security. The dashboard contains the OWASP Top 10 including:<\/p>\n\n\n\n<ol>\n<li>Broken access control<\/li>\n\n\n\n<li>Cryptographic failure<\/li>\n\n\n\n<li>Injection<\/li>\n\n\n\n<li>Insecure design<\/li>\n\n\n\n<li>Security misconfiguration<\/li>\n\n\n\n<li>Vulnerable and outdated components<\/li>\n\n\n\n<li>Identification and authentication failures<\/li>\n\n\n\n<li>Software and data integrity failures<\/li>\n\n\n\n<li>Security logging and monitoring<\/li>\n\n\n\n<li>Server-side request forgery<\/li>\n<\/ol>\n\n\n\n<p>The count and asset are clickable; for showing all assets. Click on the asset name for more in-depth information. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"544\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-71-1024x544.png\" alt=\"\" class=\"wp-image-5664\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-71-1024x544.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-71-300x159.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-71-768x408.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-71-1536x816.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-71-2048x1088.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-71-585x311.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>More information: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/understanding-dashboards#owasp-top-10-dashboard\">OWASP top 10 dashboard | Microsoft Docs<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Specific use-cases<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Asset details<\/h3>\n\n\n\n<p>There is a huge amount of data available. Each asset contains in-depth details with global Security Graph information. <\/p>\n\n\n\n<p>More information: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/understanding-asset-details\">Asset details | Microsoft Learn<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">CVE &#8211; Exchange<\/h3>\n\n\n\n<p>Data is mapped against CVE detecting. When viewing the Attack Surface Priorities, top observations are based on the seed discovery. For example; CVE-2022-41082 &amp; CVE-2022-41040&nbsp;&#8211; Microsoft Exchange Server.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-73.png\" alt=\"\" class=\"wp-image-5666\" width=\"398\" height=\"341\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-73.png 935w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-73-300x258.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-73-768x660.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-73-585x502.png 585w\" sizes=\"(max-width: 398px) 100vw, 398px\" \/><\/figure><\/div>\n\n\n<p>When clicking on the count &#8211; more in-depth information is visible. Microsoft described the CVE with more in-depth information and available remediation\/ intelligence. Discovered assets are directly visible with the type. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"306\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-74-1024x306.png\" alt=\"\" class=\"wp-image-5667\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-74-1024x306.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-74-300x90.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-74-768x229.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-74-1536x459.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-74-2048x612.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-74-585x175.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>When clicking on the asset itself &#8211; there is more detailed information. (IP reputation, services, trackers, Web components\/CVEs, SSL certificates, and host). Including specific versions. In the below example, we see exchange version 15.1.2308. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"396\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-75-1024x396.png\" alt=\"\" class=\"wp-image-5668\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-75-1024x396.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-75-300x116.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-75-768x297.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-75-1536x594.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-75-2048x791.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-75-585x226.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Open ports<\/h3>\n\n\n\n<p>In the Security Posture, there is a view of the open port part of discovered public resources. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"191\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-76-1024x191.png\" alt=\"\" class=\"wp-image-5669\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-76-1024x191.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-76-300x56.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-76-768x143.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-76-1536x286.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-76-2048x381.png 2048w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-76-585x109.png 585w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>When clicking on the count the more detailed view is visible. Web components &amp; CVEs give more visibility in the available CVEs\/ first seen and installation version. In the example below the OpenSSH 7.4p1 (released; on 2016-12-19) is detected with a couple of CVEs. (-; <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"782\" src=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-77-1024x782.png\" alt=\"\" class=\"wp-image-5670\" srcset=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-77-1024x782.png 1024w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-77-300x229.png 300w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-77-768x586.png 768w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-77-1536x1173.png 1536w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-77-585x447.png 585w, https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-77.png 1810w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>The new Microsoft Defender External Attack Surface Management tool is really interesting and can be used for various reasons to prevent the unknown and get more valuable insights into the online internet-exposed posture.<\/p>\n\n\n\n<p>Currently, there are no integrations available &#8211; hopefully, more integrations will be released with Defender XDR and Sentinel for bringing the data together. <\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Sources<\/h2>\n\n\n\n<p><strong>Community<\/strong><\/p>\n\n\n\n<ul>\n<li>Derk van der Woude: <a href=\"https:\/\/derkvanderwoude.medium.com\/introduction-into-microsoft-defender-easm-external-attack-surface-management-3fdee6ccf256\">Introduction into Microsoft Defender EASM (External Attack Surface Management)<\/a><\/li>\n\n\n\n<li>msandbu.org: <a href=\"https:\/\/msandbu.org\/getting-started-with-microsoft-defender-easm-external-attack-surface-management\/\">Getting started with Microsoft Defender EASM (External Attack Surface Management)<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Microsoft<\/strong><\/p>\n\n\n\n<ul>\n<li>Microsoft: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/\">Defender EASM Overview<\/a><\/li>\n\n\n\n<li>Microsoft: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/external-attack-surface-management\/what-is-discovery\">What is Discovery<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft released a new product with the name; Microsoft Defender EASM (External Attack Surface Management). The new product is based on the earlier products\/ technology from the RiskIQ acquisition. Defender EASM is a new product in the Defender stack to&#8230;<\/p>\n","protected":false},"author":1,"featured_media":5657,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[189],"tags":[245],"table_tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to use Microsoft Defender EASM (External Attack Surface Management)<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to use Microsoft Defender EASM (External Attack Surface Management)\" \/>\n<meta property=\"og:description\" content=\"Microsoft released a new product with the name; Microsoft Defender EASM (External Attack Surface Management). The new product is based on the earlier products\/ technology from the RiskIQ acquisition. Defender EASM is a new product in the Defender stack to...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/\" \/>\n<meta property=\"og:site_name\" content=\"Jeffrey Appel - Microsoft Security blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-13T18:31:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-27T21:14:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2582\" \/>\n\t<meta property=\"og:image:height\" content=\"1271\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jeffrey\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jeffrey\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/\",\"url\":\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/\",\"name\":\"How to use Microsoft Defender EASM (External Attack Surface Management)\",\"isPartOf\":{\"@id\":\"https:\/\/jeffreyappel.nl\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64.png\",\"datePublished\":\"2022-10-13T18:31:33+00:00\",\"dateModified\":\"2023-07-27T21:14:34+00:00\",\"author\":{\"@id\":\"https:\/\/jeffreyappel.nl\/#\/schema\/person\/ebdd80b67674ad29968ad249abc89c42\"},\"breadcrumb\":{\"@id\":\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#primaryimage\",\"url\":\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64.png\",\"contentUrl\":\"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64.png\",\"width\":2582,\"height\":1271},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jeffreyappel.nl\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to use Microsoft Defender EASM (External Attack Surface Management)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jeffreyappel.nl\/#website\",\"url\":\"https:\/\/jeffreyappel.nl\/\",\"name\":\"Jeffrey Appel - Microsoft Security blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jeffreyappel.nl\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/jeffreyappel.nl\/#\/schema\/person\/ebdd80b67674ad29968ad249abc89c42\",\"name\":\"Jeffrey\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jeffreyappel.nl\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/37bbb7acc360ea70a60f26ca4548d940?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/37bbb7acc360ea70a60f26ca4548d940?s=96&d=mm&r=g\",\"caption\":\"Jeffrey\"},\"url\":\"https:\/\/jeffreyappel.nl\/author\/contact\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to use Microsoft Defender EASM (External Attack Surface Management)","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/","og_locale":"en_US","og_type":"article","og_title":"How to use Microsoft Defender EASM (External Attack Surface Management)","og_description":"Microsoft released a new product with the name; Microsoft Defender EASM (External Attack Surface Management). The new product is based on the earlier products\/ technology from the RiskIQ acquisition. Defender EASM is a new product in the Defender stack to...","og_url":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/","og_site_name":"Jeffrey Appel - Microsoft Security blog","article_published_time":"2022-10-13T18:31:33+00:00","article_modified_time":"2023-07-27T21:14:34+00:00","og_image":[{"width":2582,"height":1271,"url":"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64.png","type":"image\/png"}],"author":"Jeffrey","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jeffrey","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/","url":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/","name":"How to use Microsoft Defender EASM (External Attack Surface Management)","isPartOf":{"@id":"https:\/\/jeffreyappel.nl\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#primaryimage"},"image":{"@id":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#primaryimage"},"thumbnailUrl":"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64.png","datePublished":"2022-10-13T18:31:33+00:00","dateModified":"2023-07-27T21:14:34+00:00","author":{"@id":"https:\/\/jeffreyappel.nl\/#\/schema\/person\/ebdd80b67674ad29968ad249abc89c42"},"breadcrumb":{"@id":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#primaryimage","url":"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64.png","contentUrl":"https:\/\/jeffreyappel.nl\/wp-content\/uploads\/2022\/10\/image-64.png","width":2582,"height":1271},{"@type":"BreadcrumbList","@id":"https:\/\/jeffreyappel.nl\/how-to-use-microsoft-defender-easm-external-attack-surface-management\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jeffreyappel.nl\/"},{"@type":"ListItem","position":2,"name":"How to use Microsoft Defender EASM (External Attack Surface Management)"}]},{"@type":"WebSite","@id":"https:\/\/jeffreyappel.nl\/#website","url":"https:\/\/jeffreyappel.nl\/","name":"Jeffrey Appel - Microsoft Security blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jeffreyappel.nl\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/jeffreyappel.nl\/#\/schema\/person\/ebdd80b67674ad29968ad249abc89c42","name":"Jeffrey","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jeffreyappel.nl\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/37bbb7acc360ea70a60f26ca4548d940?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/37bbb7acc360ea70a60f26ca4548d940?s=96&d=mm&r=g","caption":"Jeffrey"},"url":"https:\/\/jeffreyappel.nl\/author\/contact\/"}]}},"amp_enabled":false,"_links":{"self":[{"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/posts\/5641"}],"collection":[{"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/comments?post=5641"}],"version-history":[{"count":11,"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/posts\/5641\/revisions"}],"predecessor-version":[{"id":7276,"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/posts\/5641\/revisions\/7276"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/media\/5657"}],"wp:attachment":[{"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/media?parent=5641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/categories?post=5641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/tags?post=5641"},{"taxonomy":"table_tags","embeddable":true,"href":"https:\/\/jeffreyappel.nl\/wp-json\/wp\/v2\/table_tags?post=5641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}