In this brief post, we'll take a closer look at the Library in Attack Surface Management (ASM).

In ASM you have the ability to browse a listing of all available Issue Definitions, Technology Definitions, and Task Definitions.  This can be useful if you're interested in reviewing the various checks that ASM performs while scanning or the various technologies that ASM can identify.  

The ASM Library can be accessed via the following URL, or by clicking your profile drop-down menu in ASM and selecting Library.

https://asm.advantage.mandiant.com/library/

On the Library page, we can see that the library is composed of the same three definition types mentioned above, and that we can click through these to browse through the different Issues, Technologies, and Tasks that go into an ASM scan.

For example, we might be interested in knowing which proxy technologies ASM is able to identify during a scan.  We can search for all Technology definitions with the term 'Proxy' in them using the search filter in order to browse through the list of definitions.  A subset of these is shown below.

Note also that the "Labels" filter on the left of the page allows you to do further browsing through entries with some pre-populated values like Wordpress Plugin and COTS.  You can use these labels to do further searching across different categories of technologies.

Now for a quick challenge:  Using the ASM Library, can you determine when the Issue Definition for MobileIron Core - Authentication Bypass (CVE-2023-35082) was released?