description: This article outlines the filter functionality available in Microsoft Defender External Attack Surface Management for ASN assets specifically, including operators and applicable field values.
5
5
author: danielledennis
6
6
ms.author: dandennis
7
-
ms.service: security
7
+
ms.service: defender-easm
8
8
ms.date: 12/14/2022
9
9
ms.topic: how-to
10
10
---
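Review bot: ms.date is left at 12/14/2022 in this front matter even though the same commit rewords the article body in the next hunk. If ms.date is meant to track the last content review, update it alongside the ms.service change from security to defender-easm.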
@@ -16,11 +16,11 @@ These filters specifically apply to ASN assets. Use these filters when searching
16
16
17
17
## Free form filters
18
18
19
-
The following filters require that the user manually enters the value with which they want to search. This list is organized by the number of applicable operators for each filter, then alphabetically.
19
+
The following filters require that the user manually enters the value with which they want to search. This list is organized according to the number of applicable operators for each filter, then alphabetically.
20
20
21
21
| Filter name | Description | Value format | Applicable operators |
| ASN | Autonomous System Number is a network identification for transporting data on the Internet between Internet routers. An ASN will have associated public IP blocks tied to it where hosts are located. | 12345 |`Equals``Not Equals``In``Not In``Empty``Not Empty`|
23
+
| ASN | Autonomous System Number is a network identification for transporting data on the Internet between Internet routers. An ASN associates any public IP blocks tied to it where hosts are located. | 12345 |`Equals``Not Equals``In``Not In``Empty``Not Empty`|
24
24
| Whois Admin Email | The email address of the listed administrator of a Whois record. |[email protected]|`Equals``Not Equals``Starts with``Does not start with``Matches``Does Not Match``In``Not in``Starts with in``Does not start with in``Matches in``Does not match in``Contains``Does Not Contain``Contains In``Does Not Contain In``Empty``Not Empty`|
25
25
| Whois Admin Name | The name of the listed administrator. | John Smith ||
26
26
| Whois Admin Organization | The organization associated with the administrator. | Contoso Ltd. ||
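Review bot: In the ASN row, the new description "An ASN associates any public IP blocks tied to it where hosts are located" no longer says what the removed line said (that an ASN has public IP blocks associated with it) and reads as circular, since the blocks are both "associated" and "tied to it". Suggest "An ASN has public IP blocks associated with it, where hosts are located."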
description: This article outlines the filter functionality available in Microsoft Defender External Attack Surface Management for contact assets specifically, including operators and applicable field values.
5
5
author: danielledennis
6
6
ms.author: dandennis
7
-
ms.service: security
7
+
ms.service: defender-easm
8
8
ms.date: 12/14/2022
9
9
ms.topic: how-to
10
10
---
@@ -16,7 +16,7 @@ These filters specifically apply to contact assets. Use these filters when searc
16
16
17
17
## Free form filters
18
18
19
-
The following filters require that the user manually enters the value with which they want to search. This list is organized by the number of applicable operators for each filter, then alphabetically. Note that many of these values are case-sensitive.
19
+
The following filters require that the user manually enters the value with which they want to search. This list is organized by the number of applicable operators for each filter, then alphabetically. Many of these values are case-sensitive.
20
20
21
21
| Filter name | Description | Value format | Applicable operators |
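Review bot: The changed sentence here keeps "organized by the number of applicable operators", while the ASN and domain filter articles in this commit switch the same sentence to "organized according to the number of applicable operators". Use one wording across the three filter articles.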
articles/external-attack-surface-management/data-connections.md
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@ title: Defender EASM Data Connections
7
7
description: "The data connector sends Defender EASM asset data to two different platforms: Microsoft Log Analytics and Azure Data Explorer. Users need to be active customers to export Defender EASM data to either tool, and data connections are subject to the pricing model for each respective platform."
8
8
author: elaineriq # GitHub alias
9
9
ms.author: elgonzalez # Microsoft alias
10
-
ms.service: security
10
+
ms.service: defender-easm
11
11
# ms.prod: # To use ms.prod, uncomment it and delete ms.service
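Review bot: The context lines around the ms.service change still carry template comments ("# GitHub alias", "# Microsoft alias", and the commented-out "# ms.prod:" line that tells the author to delete ms.service). Since this front matter is being touched, remove the leftover template comments and confirm that ms.service, not ms.prod, is the intended key for this article.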
description: This article explains how to create an Microsoft Defender External Attack Surface Management (Defender EASM) Azure resource using the Azure portal.
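Review bot: The description line reads "how to create an Microsoft Defender External Attack Surface Management (Defender EASM) Azure resource"; "an Microsoft" should be "a Microsoft". Worth fixing in the same pass as the other wording cleanups in this commit.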
articles/external-attack-surface-management/discovering-your-attack-surface.md
+6 -6 Lines changed: 6 additions & 6 deletions
@@ -3,7 +3,7 @@ title: Discovering your attack surface
3
3
description: Microsoft has preemptively configured the attack surfaces of many organizations, mapping their initial attack surface by discovering infrastructure that’s connected to known assets.
4
4
author: danielledennis
5
5
ms.author: dandennis
6
-
ms.service: security
6
+
ms.service: defender-easm
7
7
ms.date: 07/14/2022
8
8
ms.topic: tutorial
9
9
---
@@ -16,23 +16,23 @@ Before completing this tutorial, see the [What is discovery?](what-is-discovery.
16
16
17
17
## Accessing your automated attack surface
18
18
19
-
Microsoft has preemptively configured the attack surfaces of many organizations, mapping their initial attack surface by discovering infrastructure that’s connected to known assets. It is recommended that all users search for their organization’s attack surface before creating a custom attack surface and running additional discoveries. This enables users to quickly access their inventory as Defender EASM refreshes the data, adding additional assets and recent context to your Attack Surface.
19
+
Microsoft has preemptively configured the attack surfaces of many organizations, mapping their initial attack surface by discovering infrastructure that’s connected to known assets. It's recommended that all users search for their organization’s attack surface before creating a custom attack surface and running other discoveries. This process enables users to quickly access their inventory as Defender EASM refreshes the data, adding more assets and recent context to your Attack Surface.
20
20
21
21
1. When first accessing your Defender EASM instance, select “Getting Started” in the “General” section to search for your organization in the list of automated attack surfaces.
22
22
23
23
2. Then select your organization from the list and click “Build my Attack Surface”.
24
24
25
25

26
26
27
-
At this point, the discovery will be running in the background. If you selected a pre-configured Attack Surface from the list of available organizations, you will be redirected to the Dashboard Overview screen where you can view insights into your organization’s infrastructure in Preview Mode. Please review these dashboard insights to become familiar with your Attack Surface as you wait for additional assets to be discovered and populated in your inventory. Please read the [Understanding dashboards](understanding-dashboards.md) article for more information on how to derive insights from these dashboards.
27
+
At this point, the discovery runs in the background. If you selected a pre-configured Attack Surface from the list of available organizations, you will be redirected to the Dashboard Overview screen where you can view insights into your organization’s infrastructure in Preview Mode. Review these dashboard insights to become familiar with your Attack Surface as you wait for additional assets to be discovered and populated in your inventory. Read the [Understanding dashboards](understanding-dashboards.md) article for more information on how to derive insights from these dashboards.
28
28
29
29
If you notice any missing assets or have other entities to manage that may not be discovered through infrastructure clearly linked to your organization, you can elect to run customized discoveries to detect these outlier assets.
30
30
31
31
## Customizing discovery
32
32
Custom discoveries are ideal for organizations that require deeper visibility into infrastructure that may not be immediately linked to their primary seed assets. By submitting a larger list of known assets to operate as discovery seeds, the discovery engine will return a wider pool of assets. Custom discovery can also help organizations find disparate infrastructure that may relate to independent business units and acquired companies.
33
33
34
34
## Discovery groups
35
-
Custom discoveries are organized into Discovery Groups. They are independent seed clusters that comprise a single discovery run and operate on their own recurrence schedules. Users can elect to organize their Discovery Groups to delineate assets in whatever way best benefits their company and workflows. Common options include organizing by responsible team/business unit, brands or subsidiaries.
35
+
Custom discoveries are organized into Discovery Groups. They're independent seed clusters that comprise a single discovery run and operate on their own recurrence schedules. Users can elect to organize their Discovery Groups to delineate assets in whatever way best benefits their company and workflows. Common options include organizing by responsible team/business unit, brands or subsidiaries.
36
36
37
37
## Creating a discovery group
38
38
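Review bot: In the paragraph after the first screenshot, the new text moves to present tense ("the discovery runs in the background") but keeps "you will be redirected" and "additional assets", while the first paragraph of this hunk replaces "additional" with "other" and "more". Suggest "you're redirected to the Dashboard Overview screen" and "more assets" so the paragraph matches the rest of the edit.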
@@ -60,15 +60,15 @@ Custom discoveries are organized into Discovery Groups. They are independent see
60
60
61
61

62
62
63
-
Alternatively, users can manually input their seeds. Defender EASM accepts domains, IP blocks, hosts, email contacts, ASNs, and WhoIs organizations as seed values. You can also specify entities to exclude from asset discovery to ensure they are not added to your inventory if detected. For example, this is useful for organizations that have subsidiaries that will likely be connected to their central infrastructure, but do not belong to your organization.
63
+
Alternatively, users can manually input their seeds. Defender EASM accepts domains, IP blocks, hosts, email contacts, ASNs, and WhoIs organizations as seed values. You can also specify entities to exclude from asset discovery to ensure they aren't added to your inventory if detected. For example, this is useful for organizations that have subsidiaries that will likely be connected to their central infrastructure, but don't belong to your organization.
64
64
65
65
Once your seeds have been selected, select **Review + Create**.
66
66
67
67
5. Review your group information and seed list, then select **Create & Run**.
68
68
69
69

70
70
71
-
You will then be taken back to the main Discovery page that displays your Discovery Groups. Once your discovery run is complete, you will see new assets added to your Confirmed Inventory.
71
+
You are then taken back to the main Discovery page that displays your Discovery Groups. Once your discovery run is complete, you can see new assets added to your Approved Inventory.
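Review bot: The last changed line swaps "Confirmed Inventory" for "Approved Inventory", which is a product-term change rather than a style edit. Confirm it matches the state name shown in the Defender EASM UI and that other articles referring to the inventory use the same term. In the seeds paragraph, "this is useful for organizations that have subsidiaries ... but don't belong to your organization" still mixes third and second person and leaves "this" without a referent; consider starting the sentence with "Exclusions are useful when".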
description: This article outlines the filter functionality available in Microsoft Defender External Attack Surface Management for domain assets specifically, including operators and applicable field values.
5
5
author: danielledennis
6
6
ms.author: dandennis
7
-
ms.service: security
7
+
ms.service: defender-easm
8
8
ms.date: 12/14/2022
9
9
ms.topic: how-to
10
10
---
@@ -15,7 +15,7 @@ These filters specifically apply to domain assets. Use these filters when search
15
15
16
16
## Defined value filters
17
17
18
-
The following filters provide a drop-down list of options to select. The available values are pre-defined.
18
+
The following filters provide a drop-down list of options to select. The available values are predefined.
19
19
20
20
| Filter name | Description | Value format example | Applicable operators |
@@ -26,7 +26,7 @@ The following filters provide a drop-down list of options to select. The availab
26
26
27
27
## Free form filters
28
28
29
-
The following filters require that the user manually enters the value with which they want to search. This list is organized by the number of applicable operators for each filter, then alphabetically. Please note that many of these values are case-sensitive.
29
+
The following filters require that the user manually enters the value with which they want to search. This list is organized according to the number of applicable operators for each filter, then alphabetically. Note that many values are case-sensitive.
30
30
31
31
| Filter name | Description | Value format example | Applicable operators |
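Review bot: The new sentence "Note that many values are case-sensitive" drops "of these", so it no longer clearly refers to the filter values in the table that follows, and it keeps "Note that" while the contact filter article in this commit removes it ("Many of these values are case-sensitive."). Use the contact article's wording here so the scope of the case-sensitivity statement is explicit.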