Configure Tags in CSAM

Configure tags so you can apply them to assets in your subscription. This helps you to organize your assets and to manage user access to them. You can apply tags to IP addresses and web applications.

1) Go to Tags and select Create Tag.

2) Enter the basic details and tag properties for your tag.

- Basic DetailsBasic Details

Give your tag a name (up to 1024 characters).

Select Mark as Favourite if you want to create a tag as favourite. Favourite tag will be displayed with yellow star in the list.

Add a description for your tag (optional).

- Asset Criticality ScoreAsset Criticality Score

This score represents the criticality of the asset to your business infrastructure.

- You can set the asset criticality score between 1 to 5. Score 1 being the lowest criticality and 5 being the highest criticality assigned to an asset, when selected.

- If you don't select asset criticality score, by default the asset criticality score '2' will be applied to that asset.

- If your asset has multiple tags with some asset criticality score, the criticality of your asset will be the maximum criticality score among the tags. (For example, asset 'A' has three tags with asset criticality score 3, 4 and 2 then the asset criticality score of asset 'A' will be 4).

- Tag PropertiesTag Properties

Color coding is a great way to organize tags. You might assign different colors to different tag.

When creating a child tag, you can select a parent tag from existing tags in your account. To select existing tag click Select and then choose a tag from Select Tags pop up. You can enable the "Search within child" check box. This helps you when searching for parent tags on the Tags page; related child tags will appear.
You can also create a new tag for a parent. Simply, click Create and again similar form to create a tag displays. You'll not be able to create a new parent from this new tag.

3) Set up a dynamic tag type (optional). If there is no dynamic rule then your tag will be saved as a static tag.

- Tag TypeTag Type

There are two types of tags - Static and Dynamic. By default, static tag will be created. Dynamic tag allows you to define Tag Rules. You can select "Evaluate Rule on Creation" check box to evaluate dynamic rule once it is created or updated.

- Tag RulesTag Rules

The following are the rules that help to identify the assets to apply tags.

- No Dynamic Rule: Your tag will be a static tag.

- Asset Name Contains: Applies the tag when any part of the user-definable asset name contains the substring or substrings you enter. Add multiple substrings separated by the "|" (vertical bar) with no spaces before or after.

- Business Information: Applies tags to the assets with queried business information attributes.

- Asset Inventory: Applies the tag to assets from CyberSecurity Asset Management.

Note: Asset Inventory tag rules are available only if you have the following subscription:

- VMDR (Trial/Purchase) + GAV/CSAM (Trial/Full)

- Non-VMDR/VM + CSAM (Trial/Full)

- IP Address In Range(s): Applies the tag to assets with an IP in the range you enter (e.g. 172.31.254.0-172.31.254.25 or 172.31.254.0/25).

- IP Address In Range(s) + Network(s): Applies the tag to assets with an IP in the range you enter and network.

- Open Ports: Applies the tag to assets whose port listing matches the ports you enter (e.g. 80,123).

- Cloud Asset Search: Applies the tag to Amazon EC2, Microsoft Azure, and Google Cloud Platform instances matching the query you provide. You can also create tags for your cloud assets. For more information, refer to the following:

Tag your Amazon EC2 instances | Tag your Microsoft Azure instances | Tag your Google Cloud Platform instances

- Vuln (QID) Exists: Applies the tag to assets with the vulnerability (QID).

- Groovy Scriptlet: Applies the tag to assets based on the Groovy script.

- Asset Search: Applies the tag to assets based on QID results.

- Test Rule Applicability on Selected Assets.Test Rule Applicability on Selected Assets.

(optional) Select assets in your account to test the rule and click Apply. The result is shown in the "Test Rule Applicability on Selected Assets" section of the 'Create New Tag' page.

Pass: A green color 'Pass' tells you the asset matches the rule.

Fail: A red color 'Fail' tells you the asset does not match the rule.

Note: For the Groovy Scriptlet rule, a gear icon is shown next to the Pass or Fail result. When you click the gear icon, you can see the Groovy rule test results for the assets that you selected.

Test Rule Applicability

Groovy Rule Test Results

4) Click Create to save the tag. When you save your dynamic tag, we apply it to all scanned hosts that match the rule you defined. You can filter the assets list to show only those that match your new tag rule.

Note: When you save your static tag, you can apply it to your asset from the Inventory tab.

Good to Know

Why are some tags already in my account?

Tell me about tag rules

Manage your tags

Tag your Amazon EC2 Instances

Tag your Microsoft Azure instances

Tag your Google Cloud Platform instances