Skip to main content

Review discovered assets

The dashboard is the visual intelligence hub of External Attack Surface Management (EASM). It aggregates and displays key insights from EASM scans and timeline-based comparisons, offering both real-time and historical views of your organization's digital footprint, cyber hygiene posture, risk exposure, and attack surface insights.

The dashboard presents visual, contextual, and interactive data, making it a powerful decision-making tool.

note

Use the Heatmap and World map views to visualize security data at an executive level.

Prerequisites

  • You must have a Veracode account with the Project Admin role for EASM.

Get access to the dashboard

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > EASM.
  3. Select the Dashboard icon dashboard_easm.png.

Filter search results

Use filters to narrow the search results.

Filter results by business unit

Filter the search results to view department-specific or client-specific insights, such as those related to teams, subsidiaries, or clients.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > EASM.
  3. Select the Dashboard icon.
  4. In the left navigation panel, from the Business Units dropdown, select an option to filter the search results. The EASM business unit is always DEFAULT and it is not associated with the Veracode Platform business unit.

Filter results by location

Filter the search results to view geographical distribution of assets and risks.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > EASM.
  3. Select the Dashboard icon.
  4. In the left navigation panel, from the Locations dropdown, select an option to filter the search results.

Check application hygiene status

In the Heatmap, World map, and Things dashboard views, applications are color-coded based on hygiene indicators.

  • Green: healthy (no issues detected)
  • Red: requires attention (issues detected)

Understand risk rating criteria

The following table outlines the risk rating criteria used to assess application cyber hygiene, ranging from A (Excellent) to F (Failing), based on the application security posture.

GradeLabelDescription
AExcellentMaintains robust cyber hygiene with no outstanding issues. Follows industry best practices in web security.
BGoodDemonstrates good security posture with minor areas for improvement. Actively manages risks, though some vulnerabilities may remain.
CAverageMeets basic security requirements but requires significant improvement. May use outdated software and could be vulnerable to advanced threats.
DPoorLacks adequate security controls, resulting in multiple cyber hygiene issues. It is non-compliant and at elevated risk.
FFailingFails to implement basic security measures. Uses outdated or insecure systems. Highly exposed and urgently requires a security overhaul.

View issues by severity and category in Heatmap

The Heatmap view shows security issues by severity and category, with data on discovery, hygiene, and attack surface reduction that can be filtered by business unit and location.

To complete this task:

  1. Sign in to the Veracode Platform.

  2. Select Scans and Analysis > EASM.

  3. Select the Dashboard icon. The dashboard shows the following key insights:

    • To view the count of the discovered assets, severity indicators and the actions suggested to reduce attack surface exposure, use the navigation icons:
      • DISCOVERY: review the discovered assets.
      • HYGIENE: view a detailed breakdown of indicator types and their severity levels.
      • ATTACK SURFACE REDUCTION: assess necessary actions to reduce attack exposure.
    • The circular chart provides an overall rating, either across all assets discovered, for specific items, or based on filters chosen.
  4. To open a menu, hover over a Heatmap. Then, select from the following options:

    • Export icon export_easm.png: create a report using a pre-defined template.
    • Update icon update_banner_easm.png: see updated banner stats for a particular domain or item.
    • Expand icon expand_results_easm.png: see a detailed breakdown of the discovery, hygiene, and attack surface reduction for a Heatmap block.

Explore data in Heatmap

The Heatmap view provides multiple ways to visualize data:

  • Circular chart: displays an overall rating based on all discovered assets, specific items, or filtered selections.

  • Banner stats: shows values based on selection and filtering criteria, from global trends to more detailed levels, including:

    • Business units
    • Countries
    • Domains
    • Applications
  • Expandable sections: offer detailed breakdowns by discovery, hygiene, and attack surface reduction.

View global asset distribution in World map

The World map view provides a geographical distribution of discovered assets and associated risks. It highlights where risks are concentrated across countries and regions. Regions are color-coded to indicate overall hygiene scores. Additional information about discovery, hygiene, and attack surface reduction is available in the right-hand panel.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > EASM.
  3. Select the Dashboard icon.
  4. To open the World map view, from the top of the table, use the dropdown and select World map.

Manage and categorize discovered assets

Things provides a CMDB-style interface that categorizes all discovered assets. Use it to perform operational tasks on assets, such as tagging, onboarding, and triaging assets.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > EASM.
  3. Select the Dashboard icon.
  4. To open the Things view, from the top of the page, use the dropdown and select Things.
  5. To filter Things, at the top-right corner of the page, select the appropriate filter. Each Things type opens in a table view with filterable columns, bulk actions, and direct links to passport views.
  6. To perform bulk actions, locate Things, select the checkboxes, then select EDIT SELECTED. See here to learn more about Things.

Compare results with different datasets

While a single EASM scan provides valuable insight, comparing scans over time offers deeper, actionable insights. Use the Compare with feature in the timeline to track progress, identify new risks, and support quarterly reviews or post-incident evaluations.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > EASM.
  3. Select the Dashboard icon.
  4. Select Compare with.
  5. To compare two different sets of results and identify what is new, changed, or resolved, select another dataset to create a comparison.
  6. To return to the standard scan view, select the X next to the scan timestamp at the top of the page.

The timeline is located at the bottom of the Dashboard and provides visibility into test results over time. It enables historical comparisons and offers insights into the organization’s evolving cybersecurity posture. Use the Timeline Navigator to:

  • Switch between historical test results
  • View corresponding scan results and hygiene ratings for each point in time

Each timeline entry displays the following information:

  • Test date
  • Colour-coded hygiene indicator:
    • Green = Good
    • Red = Requires Attention
  • Cyber hygiene rating (graded on a five-level scale: A to F)