Microsoft Defender External Attack Surface Management (Defender EASM) discovers and classifies assets and workloads across your organization's digital presence, enabling teams to understand and prioritize exposed weaknesses in cloud, SaaS, and IaaS resources and strengthen their security posture. Recently added features boost usability and enable exciting new ways for customers to leverage their inventory data and the critical security insights derived from their organization's assets and workloads. Below, learn about these powerful new enhancements and how you can begin using them today.
Data Connections
Defender EASM now offers data connections to help users seamlessly integrate their attack surface data into other Microsoft solutions to supplement existing workflows with new insights. The data connector sends asset data to two different platforms: Microsoft Log Analytics and Azure Data Explorer. Users need to be active customers to export Defender EASM data to either tool, and data connections are subject to the pricing model of each respective platform. Data connections can support large exports – more than 100 million assets a day.
Software Development Kit (SDK)
Customers can now access a client library for Python that helps them operationalize the Defender EASM REST API to automate processes and improve workflows. The SDK is now available to customers in Public Preview.
Asset Labels
Labels help you organize your attack surface and apply business context in a highly customizable way; you can apply any text label to any asset, allowing you to group assets and better operationalize your inventory.
Common labeling of assets includes:
REST API: The Defender EASM REST API lets customers manage their attack surface at scale. Users can leverage Defender EASM data to automate workflows by integrating into existing processes or creating new applications and clients. Recent updates include validation checks and error responses, critical contextual information (e.g., task ID, timestamps) in the response when retrieving task data, and "groupBy" and "segmentBy" fields for asset details and summaries.
Regional Expansion: The "westeurope" region is now supported by Defender EASM. Currently supported regions:
Latest Updated chart timestamps: Dashboard charts now have a "Last updated" timestamp that indicates the time the chart data was last refreshed. This transparency helps customers understand the freshness of the presented data. The timestamp is localized to the user's time zone.
Inventory sorting: Users can now sort most Defender EASM data by table columns. By clicking on the applicable column header name, users can choose for their data to ascend or descend by the selected value. Sorting is supported on both the Inventory page and Chart drill-downs displaying the assets comprising a count on a dashboard chart. Both pages support sorting by the "Asset" (name), "Kind," "First Seen," and "Last Seen" column values.
CVEs: Users can now filter host, IP address, and page assets by CVE ID. All CVEs in Defender EASM are now hyperlinked to the Defender Threat Intelligence Community portal, where you can obtain additional data. We now display CVE information by CVSS 2.0 and 3.x scores - all visible on the Asset Details page and dashboards.
Other Chart Enhancements:
CVSS v2.0 and CVSS 3.x breakdown in Charts:
We now display CVE information by CVSS 2.0 and 3.x scores. This is visible on the Asset Details page, as well as on dashboards:
New Attack Surface Insights:
Potential Insights
Potential Insights are created when a vulnerable version of software has not been detected and needs to be validated by the customer. Customers using this software should check if they have the vulnerable versions highlighted in the insight:
MDEASM is made by security professionals for security professionals. Join our community of security pros and experts to provide product feedback and suggestions and start conversations about how MDEASM helps you manage your attack surface and strengthen your security posture. With an open dialogue, we can create a safer internet together.