다음을 통해 공유


Azure EASM client library for Java - version 1.0.0-beta.1

Microsoft Defender External Attack Surface Management (Defender EASM) continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall. Defender EASM leverages Microsoft’s crawling technology to discover assets that are related to your known online infrastructure, and actively scans these assets to discover new connections over time. Attack Surface Insights are generated by leveraging vulnerability and infrastructure data to showcase the key areas of concern for your organization.

This package contains Microsoft Azure EASM Defender client library.

Documentation

Various documentation is available to help you get started

Getting started

Prerequisites

Adding the package to your product

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-analytics-defender-easm</artifactId>
    <version>1.0.0-beta.1</version>
</dependency>

Authentication

Azure Identity package provides the default implementation for authenticating the client.

Key concepts

Assets

Defender EASM includes the discovery of the following kinds of assets:

  • Domains
  • Hosts
  • Pages
  • IP Blocks
  • IP Addresses
  • Autonomous System Numbers (ASNs)
  • SSL Certificates
  • WHOIS Contacts

These asset types comprise your attack surface inventory in Defender EASM. This solution discovers externally facing assets that are exposed to the open internet outside of traditional firewall protection; they need to be monitored and maintained to minimize risk and improve an organization’s security posture. Microsoft Defender External Attack Surface Management (Defender EASM) actively discovers and monitors these assets, then surfacing key insights that help customers efficiently address any vulnerabilities in their organization.

Discovery

Microsoft Defender External Attack Surface Management (Defender EASM) relies on our proprietary discovery technology to continuously define your organization’s unique Internet-exposed attack surface. Discovery scans known assets owned by your organization to uncover previously unknown and unmonitored properties. Discovered assets are indexed in a customer’s inventory, providing a dynamic system of record of web applications, third party dependencies, and web infrastructure under the organization’s management through a single pane of glass.

Discovery Groups

Custom discoveries are organized into Discovery Groups. They are independent seed clusters that comprise a single discovery run and operate on their own recurrence schedules. Users can elect to organize their Discovery Groups to delineate assets in whatever way best benefits their company and workflows. Common options include organizing by responsible team/business unit, brands or subsidiaries.

Examples

String subscriptionId = Configuration.getGlobalConfiguration().get("SUBSCRIPTION_ID");
String workspaceName = Configuration.getGlobalConfiguration().get("WORKSPACENAME");
String resourceGroupName = Configuration.getGlobalConfiguration().get("RESOURCEGROUPNAME");
String endpoint = Configuration.getGlobalConfiguration().get("ENDPOINT");

EasmClient easmClient = new EasmClientBuilder()
    .endpoint(endpoint)
    .subscriptionId(subscriptionId)
    .workspaceName(workspaceName)
    .resourceGroupName(resourceGroupName)
    .credential(new DefaultAzureCredentialBuilder().build())
    .buildClient();
File Name Description
DiscoveryRunsSample.java Create and manage a discovery group
DiscoTemplateSample.java Create discovery groups using a template
SavedFilterSample.java Use saved filters to synchronize queries across scripts
ManagingExternalIdsSample.java Tag assets automatically with external ids

Troubleshooting

Enabling Logging

Azure SDKs for Java offer a consistent logging story to help aid in troubleshooting application errors and expedite their resolution. The logs produced will capture the flow of an application before reaching the terminal state to help locate the root issue. View the logging wiki for guidance about enabling logging.

Next steps

These code samples show common scenario operations with the Azure Anomaly Detector library. More samples can be found under the samples directory.

For more extensive documentation on Microsoft Defender External Attack Surface Management, see the Defender EASM: https://azure.microsoft.com/services/ on docs.microsoft.com.

Contributing

For details on contributing to this repository, see the contributing guide.

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

Impressions