Zscaler External Attack Surface Management (EASM) Tools

The Zscaler External Attack Surface Management (EASM) tools provide read-only functionality for monitoring your organization’s external attack surface, including findings, lookalike domains, and organization management.

Note

EASM tools do not require ZSCALER_CUSTOMER_ID. Only ZSCALER_CLIENT_ID, ZSCALER_CLIENT_SECRET, and ZSCALER_VANITY_DOMAIN are required.

Available Tools

EASM Tools

Tool Name

Description

zeasm_list_organizations

List all EASM organizations configured for the tenant

zeasm_list_findings

List all findings for an organization’s internet-facing assets

zeasm_get_finding_details

Get detailed information for a specific finding

zeasm_get_finding_evidence

Get scan evidence attributed to a specific finding

zeasm_get_finding_scan_output

Get complete scan output for a specific finding

zeasm_list_lookalike_domains

List all lookalike domains detected for an organization

zeasm_get_lookalike_domain

Get details for a specific lookalike domain

Tool Details

Organizations

zeasm_list_organizations

List all organizations configured for a tenant in the EASM Admin Portal.

Parameters:

param service:

The service to use (default: “zeasm”)

type service:

str

Returns:

  • Dictionary containing: - results: List of organization objects - total_results: Total number of organizations

Example:

# List all EASM organizations
orgs = zeasm_list_organizations()
print(f"Total: {orgs['total_results']}")
for org in orgs['results']:
    print(f"  {org['id']}: {org['name']}")

Findings

zeasm_list_findings

List all findings identified and tracked for an organization’s internet-facing assets.

Parameters:

param org_id:

The unique identifier for the organization

type org_id:

str

param service:

The service to use (default: “zeasm”)

type service:

str

Returns:

  • Dictionary containing: - results: List of finding objects - total_results: Total number of findings

Example:

# List all findings for an organization
findings = zeasm_list_findings(org_id="3f61a446-1a0d-11f0-94e8-8a5f4d45e80c")
print(f"Total: {findings['total_results']}")
for finding in findings['results']:
    print(f"  {finding['id']}: {finding['category']}")

zeasm_get_finding_details

Get detailed information for a specific EASM finding by ID.

Parameters:

param org_id:

The unique identifier for the organization

type org_id:

str

param finding_id:

The unique identifier for the finding

type finding_id:

str

param service:

The service to use (default: “zeasm”)

type service:

str

Returns:

  • Dictionary containing finding details

Example:

# Get details for a specific finding
details = zeasm_get_finding_details(
    org_id="3f61a446-1a0d-11f0-94e8-8a5f4d45e80c",
    finding_id="8abfc6a2b3058cb75de44c4c65ca4641"
)
print(details)

zeasm_get_finding_evidence

Get scan evidence attributed to a specific EASM finding. This is a subset of the scan output.

Parameters:

param org_id:

The unique identifier for the organization

type org_id:

str

param finding_id:

The unique identifier for the finding

type finding_id:

str

param service:

The service to use (default: “zeasm”)

type service:

str

Returns:

  • Dictionary containing evidence object with content and source_type

Example:

# Get evidence for a finding
evidence = zeasm_get_finding_evidence(
    org_id="3f61a446-1a0d-11f0-94e8-8a5f4d45e80c",
    finding_id="8abfc6a2b3058cb75de44c4c65ca4641"
)
print(evidence['content'])

zeasm_get_finding_scan_output

Get complete scan output for a specific EASM finding.

Parameters:

param org_id:

The unique identifier for the organization

type org_id:

str

param finding_id:

The unique identifier for the finding

type finding_id:

str

param service:

The service to use (default: “zeasm”)

type service:

str

Returns:

  • Dictionary containing scan output object with content and source_type

Example:

# Get scan output for a finding
scan_output = zeasm_get_finding_scan_output(
    org_id="3f61a446-1a0d-11f0-94e8-8a5f4d45e80c",
    finding_id="8abfc6a2b3058cb75de44c4c65ca4641"
)
print(scan_output['content'])

Lookalike Domains

zeasm_list_lookalike_domains

List all lookalike domains detected for an organization’s assets.

Parameters:

param org_id:

The unique identifier for the organization

type org_id:

str

param service:

The service to use (default: “zeasm”)

type service:

str

Returns:

  • Dictionary containing: - results: List of lookalike domain objects - total_results: Total number of lookalike domains

Example:

# List all lookalike domains for an organization
domains = zeasm_list_lookalike_domains(org_id="3f61a446-1a0d-11f0-94e8-8a5f4d45e80c")
print(f"Total: {domains['total_results']}")
for domain in domains['results']:
    print(f"  {domain['domain_name']}")

zeasm_get_lookalike_domain

Get details for a specific lookalike domain by domain name.

Parameters:

param org_id:

The unique identifier for the organization

type org_id:

str

param lookalike_raw:

The lookalike domain name (e.g., “example-domain.com”)

type lookalike_raw:

str

param service:

The service to use (default: “zeasm”)

type service:

str

Returns:

  • Dictionary containing lookalike domain details

Example:

# Get details for a specific lookalike domain
details = zeasm_get_lookalike_domain(
    org_id="3f61a446-1a0d-11f0-94e8-8a5f4d45e80c",
    lookalike_raw="assuredartners.com"
)
print(details)

Authentication

EASM tools authenticate through OneAPI:

OneAPI Authentication:

  • Uses OAuth2 client credentials

  • Requires the following environment variables:

    • ZSCALER_CLIENT_ID

    • ZSCALER_CLIENT_SECRET

    • ZSCALER_VANITY_DOMAIN

Note

Unlike other Zscaler services, EASM does not require ZSCALER_CUSTOMER_ID.

Common Use Cases

  1. Attack Surface Monitoring: List and review findings across your organization’s internet-facing assets

  2. Vulnerability Assessment: Get detailed information about specific security findings

  3. Brand Protection: Monitor and track lookalike domains that may be used for phishing

  4. Evidence Collection: Retrieve scan evidence and outputs for security investigations

  5. Multi-Organization Management: Manage EASM across multiple organizations in a tenant

Error Handling

All EASM tools include comprehensive error handling:

  • Authentication errors: Invalid credentials or expired tokens

  • Permission errors: Insufficient privileges for the requested operation

  • Validation errors: Invalid parameters or malformed requests

  • Not Found errors: Organization, finding, or domain not found

For detailed error information, check the tool response for error messages and status codes.