articles/external-attack-surface-management/using-and-managing-discovery.md
10 additions & 10 deletions
@@ -18,19 +18,19 @@ Before you run a custom discovery, see the [What is discovery?](what-is-discover
18
18
19
19
## Accessing your automated attack surface
20
20
21
-
Microsoft has preemptively configured the attack surfaces of many organizations, mapping their initial attack surface by discovering infrastructure that’s connected to known assets. It is recommended that all users search for their organization’s attack surface before creating a custom attack surface and running additional discoveries. This enables users to quickly access their inventory as Defender EASM refreshes the data, adding additional assets and recent context to your Attack Surface.
21
+
Microsoft has pre-emptively configured the attack surfaces of many organizations, mapping their initial attack surface by discovering infrastructure that’s connected to known assets. It's recommended that all users search for their organization’s attack surface before creating a custom attack surface and running other discoveries. This process enables users to quickly access their inventory as Defender EASM refreshes the data, adding additional assets and recent context to your Attack Surface.
22
22
23
23
When first accessing your Defender EASM instance, select “Getting Started” in the “General” section to search for your organization in the list of automated attack surfaces. Then select your organization from the list and click “Build my Attack Surface”.
24
24
25
-
:::image type="content" source="media/Discovery_1.png" alt-text="Screenshot of pre-configured attack surface selection screen.":::
25
+
:::image type="content" source="media/Discovery_1.png" alt-text="Screenshot of preconfigured attack surface selection screen.":::
26
26
27
-
At this point, the discovery will be running in the background. If you selected a pre-configured Attack Surface from the list of available organizations, you will be redirected to the Dashboard Overview screen where you can view insights into your organization’s infrastructure in Preview Mode. Review these dashboard insights to become familiar with your Attack Surface as you wait for additional assets to be discovered and populated in your inventory. See the [Understanding dashboards](understanding-dashboards.md) article for more information on how to derive insights from these dashboards.
27
+
At this point, the discovery runs in the background. If you selected a preconfigured Attack Surface from the list of available organizations, you will be redirected to the Dashboard Overview screen where you can view insights into your organization’s infrastructure in Preview Mode. Review these dashboard insights to become familiar with your Attack Surface as you wait for more assets to be discovered and populated in your inventory. See the [Understanding dashboards](understanding-dashboards.md) article for more information on how to derive insights from these dashboards.
28
28
29
-
If you notice any missing assets or have other entities to manage that may not be discovered through infrastructure clearly linked to your organization, you can elect to run customized discoveries to detect these outlier assets.
29
+
If you notice any missing assets or have other entities to manage that may not be discovered through infrastructure that is clearly linked to your organization, elect to run customized discoveries to detect these outlier assets.
30
30
31
31
## Customizing discovery
32
32
33
-
Custom discoveries are ideal for organizations that require deeper visibility into infrastructure that may not be immediately linked to their primary seed assets. By submitting a larger list of known assets to operate as discovery seeds, the discovery engine will return a wider pool of assets. Custom discovery can also help organizations find disparate infrastructure that may relate to independent business units and acquired companies.
33
+
Custom discoveries are ideal for organizations that require deeper visibility into infrastructure that may not be immediately linked to their primary seed assets. By submitting a larger list of known assets to operate as discovery seeds, the discovery engine returns a wider pool of assets. Custom discovery can also help organizations find disparate infrastructure that may relate to independent business units and acquired companies.
34
34
35
35
### Discovery groups
36
36
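Review bot: The "pre-" prefix is handled inconsistently in this hunk: new line 21 adds a hyphen in "pre-emptively" while new lines 25 and 27 remove it from "pre-configured" to give "preconfigured". Pick one form; "preemptively" would match the other two. New line 21 also still reads "adding additional assets", which could become "adding more assets" as was done on line 27, and line 27 keeps "you will be redirected" even though the same sentence group was moved to present tense ("the discovery runs in the background").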
@@ -60,17 +60,17 @@ Custom discoveries are organized into Discovery Groups. They are independent see
60
60
61
61
:::image type="content" source="media/Discovery_6.png" alt-text="Screenshot of pre-baked attack surface selection page, then output in seed list.":::
62
62
63
-
:::image type="content" source="media/Discovery_7.png" alt-text="Screenshot of pre-baked attack surface selection page..":::
63
+
:::image type="content" source="media/Discovery_7.png" alt-text="Screenshot of pre-baked attack surface selection page.":::
64
64
65
-
Alternatively, users can manually input their seeds. Defender EASM accepts organization names, domains, IP blocks, hosts, email contacts, ASNs, and WhoIs organizations as seed values. You can also specify entities to exclude from asset discovery to ensure they are not added to your inventory if detected. For example, this is useful for organizations that have subsidiaries that will likely be connected to their central infrastructure, but do not belong to your organization.
65
+
Alternatively, users can manually input their seeds. Defender EASM accepts organization names, domains, IP blocks, hosts, email contacts, ASNs, and WhoIs organizations as seed values. You can also specify entities to exclude from asset discovery to ensure they aren't added to your inventory if detected. For example, exclusions are useful for organizations that have subsidiaries that will likely be connected to their central infrastructure, but do not belong to your organization.
66
66
67
67
Once your seeds have been selected, select **Review + Create**.
68
68
69
69
5. Review your group information and seed list, then select **Create & Run**.
70
70
71
71
:::image type="content" source="media/Discovery_8.png" alt-text="Screenshot of review + create screen.":::
72
72
73
-
You will then be taken back to the main Discovery page that displays your Discovery Groups. Once your discovery run is complete, you will see new assets added to your Confirmed Inventory.
73
+
You'll then be taken back to the main Discovery page that displays your Discovery Groups. Once your discovery run is complete, you'll see new assets added to your Approved Inventory.
74
74
75
75
### Viewing and editing discovery groups
76
76
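Review bot: New line 73 changes "Confirmed Inventory" to "Approved Inventory", which is a terminology change rather than a wording cleanup like the rest of this hunk. Please confirm it matches the label shown in the product and mention it in the commit description so that any other article using the old term can be updated at the same time. On new line 65, "aren't" is contracted but "do not belong" later in the same paragraph is not, and the last sentence shifts from "organizations ... their central infrastructure" to "your organization"; keeping one point of view would read more cleanly.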
@@ -84,7 +84,7 @@ Click on any discovery group to view more information, edit the group, or immedi
84
84
85
85
The discovery group details page contains the run history for the group. Once expanded, this section displays key information about each discovery run that has been performed on the specific group of seeds. The Status column indicates whether the run is “In Progress”, “Complete,” or “Failed”. This section also includes “started” and “completed” timestamps and counts of the total number of assets versus new assets discovered.
86
86
87
-
Run history is organized by the seed assets scanned during the discovery run. To see a list of the applicable seeds, click “Details”. This opens a right-hand pane that lists all the seeds and exclusions by kind and name.
87
+
Run history is organized by the seed assets scanned during the discovery run. To see a list of the applicable seeds, click “Details”. This action opens a right-hand pane that lists all the seeds and exclusions by kind and name.
88
88
89
89
:::image type="content" source="media/Discovery_10.png" alt-text="Screenshot of run history for disco group screen.":::
90
90
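Review bot: New line 87 still says click “Details” with curly quotes, while the steps in this same file use "select" and bold UI labels (for example "select **Review + Create**" and "select **Create & Run**"). Since the sentence is already being touched, consider "select **Details**" here so the UI reference style is consistent across the article.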
@@ -100,7 +100,7 @@ The seed list view displays seed values with three columns: type, source name, a
100
100
101
101
### Exclusions
102
102
103
-
Similarly, you can click the “Exclusions” tab to see a list of entities that have been excluded from the discovery group. This means that these assets will not be used as discovery seeds or added to your inventory. It is important to note that exclusions only impact future discovery runs for an individual discovery group. The “type" field displays the category of the excluded entity. The source name is the value that was inputted in the appropriate type box when creating the discovery group. The final column shows a list of discovery groups where this exclusion is present; each value is clickable, taking you to the details page for that discovery group.
103
+
Similarly, you can click the “Exclusions” tab to see a list of entities that have been excluded from the discovery group. This means that these assets will not be used as discovery seeds or added to your inventory. It's important to note that exclusions only impact future discovery runs for an individual discovery group. The “type" field displays the category of the excluded entity. The source name is the value that was inputted in the appropriate type box when creating the discovery group. The final column shows a list of discovery groups where this exclusion is present; each value is clickable, taking you to the details page for that discovery group.
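Review bot: New line 103 leaves the mismatched quotation marks in “type" (curly opening quote, straight closing quote) unfixed, and "This means that these assets will not be used" keeps both the bare "This" and the uncontracted "will not" that the rest of this change cleans up elsewhere ("This process", "This action", "aren't"). Separately, the sentence "exclusions only impact future discovery runs for an individual discovery group" does not say what happens to a matching asset that is already in the inventory from an earlier run; a short clause covering that case would help readers who add an exclusion after their first discovery.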