You should expect to get a breakdown of how you can get enabled in the Edgescan platform, who to contact for help and how to get your first set of results.
Version Number: v1.0.1
Published Date: 16 Apr 2024
____________________________________________________________________________
Introduction
Welcome to the world of Edgescan, a cutting-edge solution for vulnerability management, web application security, external attack surface management & penetration testing as a service. This guide will walk you through the essential steps to get started with Edgescan, ensuring you harness the full potential of this powerful technology.
Account Setup
-
Begin by asking your superuser to create you an account.
-
Follow the guided setup process to configure your account settings.
-
Verify and authenticate your account to ensure secure access.
-
We recommend setting up multi-factor authentication, OTP is the recommended setup.
Dashboard Orientation
-
Upon logging in, familiarize yourself with the intuitive Edgescan dashboard.
Everything in Edgescan is designed to be simple to learn and use. Edgescan uses list pages to present information, so once you learn how to use one page, the mechanics can be transferred to any other page in the platform.
-
Explore the main features, including dashboards, vulnerabilities, EASM, reporting, account settings and configuration options.
-
Take note of key navigation elements for efficient usage.
Creating other users
-
If you are a privileged user, you may need to create your organisations Edgescan users.
-
Define the role of the user, the default roles are:
-
Superuser - can administer users and all aspects of the platform.
-
Editor user - cannot administer users, can do everything else a superuser can do.
-
Viewer user - cannot administer users, can view all default resources in edgescan.
-
Edgescan works on a resource based system. The following are Edgescan resources you will interact with, each is controlled by strict view, edit, create & delete permissions.
-
Assets
-
Vulnerabilities
-
Organisations
-
EASM Investigations
-
Reporting
-
Events
-
Licences
Create your first asset
-
You can create assets in the UI using the plus symbol in the Assets page.
-
Define the scope of the scan, specifying targets and any exclusions.
-
Customize scan settings based on your organization's requirements.
Configure Your Scan
-
Set up your first vulnerability scan by navigating to the Asset page.
-
Define the scope of the scan, specifying targets and any exclusions.
-
Here is a breakdown of the assessment stages.
Initiate a Scan
-
Once configured, press “start scan” on the Calendar.
-
Monitor the progress of the scan within the Platform.
-
Edgescan's automated scanning capabilities will comprehensively assess your web applications and infrastructure.
Review Scan Results
-
Access detailed scan results through the Vulnerabilities page.
-
Understand the risk levels of vulnerabilities detected.
-
You can filter your vulnerabilities by risk, and cross-section them by intelligence such as CISA KEV list, EPSS score.
-
Utilize filters and sorting options to prioritize and address critical issues.
Edgescan is easy to integrate into any of your existing workflows or processes.
The below URL is for the above filter, you can swap out sections of the URL if you wish to interact with slightly different information. This makes it easy to integrate and share links with team members.
https://live.edgescan.com/app/vulnerabilities?l=25&o=0&s[risk]=desc&s[id]=asc&c[status]=open&c[on_cisa_list]=true&c[epss_score_greater_than]=0.9
Remediation Guidance
-
Leverage Edgescan's actionable insights to guide your remediation efforts.
-
Access detailed information on each vulnerability, along with recommended steps to mitigate risks.
-
Collaborate with your team to address identified issues efficiently.
-
Once remediation has completed, you can initiate a retest of one or many vulnerabilities in Edgescan.
Integrate with Your Workflow
-
Enhance your workflow by integrating Edgescan with other tools and platforms.
-
Edgescan swagger documentation is available here.
Continuous Monitoring
-
Embrace the power of continuous monitoring with scheduled scans.
-
Set up recurring scans to ensure your environment remains secure over time.
-
Receive automated reports to stay informed about the security posture of your applications.