When tracking assets in your organization, you may want to identify, group, and report on them according to how they impact your business.
For example, you have a server with sensitive financial data and a number of workstations in your accounting office located in Cleveland, Ohio. The accounting department recently added three new staff members. Their workstations have just come online and will require a number of security patches right away. You want to assign the security-related maintenance of these accounting assets to different IT administrators: A SQL and Linux expert is responsible for the server, and a Windows administrator handles the workstations. You want to make these administrators aware that these assets have high priority.
These assets are of significant importance to your organization. If they were attacked, your business operations could be disrupted or even halted. The loss or corruption of their data could be catastrophic.
The scan data distinguishes these assets by their IP addresses, vulnerability counts, risk scores, and installed operating systems and services. It does not isolate them according to the unique business conditions described in the preceding scenario.
Using a feature called RealContext, you can apply tags to these assets to do just that. Your can tag all of these accounting assets with a Cleveland location and a Very High criticality level. You can tag your accounting server with a label, Financials, and assign it an owner named Chris, who is a Linux administrator with SQL expertise. You can assign your Windows workstations to a Windows administrator owner named Brett. And you can tag the new workstations with the label First-quarter hires. Then, you can create dynamic asset groups based on these tags and send reports on the tagged assets to Chris and Brett, so that they know that the workstation assets should be prioritized for remediation. For information on using tag-related search filters to create dynamic asset groups, see Performing filtered asset searches.
You also can use tags as filters for report scope. See Creating a basic report.
You can use several built-in tags:
You can also create custom tags that allow you to isolate and track assets according to any context that might be meaningful to you. For example, you could tag certain assets PCI, Web site back-end, or consultant laptops.
You can tag an asset individually on the details page for that asset. You also can tag a site or an asset group, which would apply the tag to all member assets. The tagging workflow is identical, regardless of where you tag an asset:
If you are creating or editing a static asset group: Go to the General page of the Asset Group Configuration panel, and select Add tags.
If you are creating or editing a dynamic asset group: In the Configuration panel for the asset group, select Add tags.
If you have just run a filtered asset search: To tag all of the search results, select Add tags, which appears above the search results table on the Filtered Asset Search page.
The section for configuring tags expands.
OR
To apply an previously created tag, start typing the name of the tag until the rest of the name fills in the text box.
If you are creating a new custom tag, select a color in which the tag name will appear. All built-in tags have preset colors.
Creating a custom tag
If you select Criticality, select a criticality level from the drop-down list.
Applying a criticality level
Another way to apply tags is by specifying criteria for which tags can be dynamically applied. This allows you to apply business context based on filters without having to create new sites or groups. It also allows you to add new criteria for which assets should have the tags as you think of them, rather than at the time you first tag assets. For example, you may have searched for all your assets meeting certain Payment Card Industry (PCI) criteria and applied the High criticality level. Later, you decide you also want to filter for the Windows operating system. You can apply the additional filter on the page for the High criticality level itself.
To apply business context with dynamic asset filters:
You can add criteria for when a tag will be dynamically applied
To view existing business context for a tag:
To edit, add new, or remove dynamic asset filters for a tag:
To remove all criteria for a tag:
You can take different actions to view or modify rules for tags
Certain filters are restricted for criticality tags, in order to prevent circular references. These restrictions apply to criticality tags applied through tag criteria, and to those added through dynamic asset groups. See Performing filtered asset searches.
The following filters cannot be used with criticality tags:
If a tag no longer accurately reflects the business context of an asset, you can remove it from that asset. To do so, click the x button next to the tag name. If the tag name is longer than one line, mouse over the ampersand below the name to expand it and then click the x button. Removing a tag is not the same as deleting it.
If you tag a site or an asset group, all of the member assets will "inherit" that tag. You cannot remove an inherited tag at the individual asset level. Instead, you will need to edit the site or asset group in which the tag was applied and remove it there.
Removing a custom tag.
If a tag no longer has any business relevance at all, you can delete it completely.
Note: You cannot delete a criticality tag.
To delete a tag, go to the Tags page:
Click the name of any tag to go to the details page for that tag. Then click the View All Tags breadcrumb.
Viewing the details page of a tag
OR
Click the Assets icon, then click the number of tags listed for Tagged Assets, even if that number is zero.
Go to the Asset Tag Listing table of theTags page. Select the check box for any tag you want to delete. To select all displayed tags, select the check box in the top row. Then, click Delete.
Tip: If you want to see which assets are associated with the tag before deleting it, click the tag name to view its details page. This could be helpful in case you want to apply a different tag to those assets.
Over time, the criticality of an asset may change. For example, a laptop may initially be used by a temporary worker and not contain sensitive data, which would indicate low criticality. That laptop may later be used by a senior executive and contain sensitive data, which would merit a higher criticality level.
Your options for changing an asset's criticality level depend on where the original criticality level was initially applied and where you are changing it:
You can create tags without immediately applying them to assets. This could be helpful if, for example, you want to establish a convention for how tag names are written.
You may apply the same tag to an asset as well as an asset group that contains it. For example, you might want to create a group based on assets tagged with a certain location or owner. This may occasionally lead to a circular reference loop in which tags refer to themselves instead of the assets or groups to which they were originally applied. This could prevent you from getting useful context from the tags.
The following example shows how a circular reference can occur with with location and custom tags:
The following example shows how a circular reference can occur with criticality:
The best way to prevent circular references is to look at the Tags page to see what tags have been created. Then go to the details page for a tag that you are considering using and to see which assets, sites, and asset groups it is applied to. This is especially helpful if you have multiple Security Console users and high numbers of tags and asset groups. To access to the details page for a tag, simply click the tag name.