Manage Asset Tags

 

Tags we've defined for you

How do I view tag details?

Tagging DNS hostnames

How do I view whether the tag re-evaluation is completed or not while creating or updating a tag with a dynamic rule?

Tell me about the tag tree

What assets have a tag?

Saving tags

Tags for cloud instances

Tell me about tag rules

Tell me about tag filters

How do I move tags to root?

Tell me about favorites

How to remove tags from the Asset Details page?

How to View and Edit tags from the Asset Details Page?

Enhanced Select Tags Page

Adding multiple static tags to assets in bulk

Differentiation between IP-based and NIC-based tag types

 

Tags we've defined for you

We automatically create tags for you. Business UnitsBusiness Units | Asset GroupsAsset Groups | Cloud AgentCloud Agent | Internet Facing AssetsInternet Facing Assets | Passive SensorPassive Sensor

Passive Sensor
- Unmanaged: All passively sensed assets that do not have a cloud agent or have not been scanned by Qualys scanner have this tag.

- Passive Sensor: All assets reported by the passive sensor appliance have this tag.

- ICS_OCA: The assets sensed from project files uploaded by the user in the Industrial Control System (ICS) module have this tag.

Internet Facing Assets
We create the Internet Facing Assets tag for assets with specific IP address in defined in the tag. We automatically tag assets that matches this pre-defined IP address range in the tag. You can use this tag to prioritize vulnerabilities in VMDR reports.

You can edit 'Internet Facing Tags' and evaluate these tags with "Evaluate Rule on Creation" check-box.

Cloud Agent
We create the Cloud Agent tag with child tags for the cloud agents in your account. All the cloud agents are automatically assigned Cloud Agent tag by default.

A child tag can be:

- Location specific agents

- Machine specific agents

Asset Groups
We create the tag Asset Groups with child tags for the asset groups in your account. Assets in an asset group are automatically assigned the tag for that asset group.

Example:
If you have an asset group called West Coast in your account, then you'll have a tag called West Coast.

Business Units
We create the Business Units tag with child tags for the business units in your account. Assets in a business unit are automatically assigned the tag for that BU.

A child tag can be:

- Unassigned Business Unit

- A custom business unit name, when a custom BU is  defined in your account

Tagging DNS hostnames

The DNS hostnames in the asset groups are automatically assigned the tag for that asset group.

For example, if you add DNS hostname qualys-test.com to My Asset Group (asset group) in the Vulnerability Management (VM) application, then we'll add the My Asset Group tag to DNS hostname qualys-test.com.

Tell me about the tag tree

You'll see the tag tree here in CyberSecurity Asset Management (CSAM) and in apps in your subscription. We present your asset tags in a tree with the high level tags like the Business Units tag, Cloud Agent tag and the Asset Groups tag at the top-most level and child tags like those for individual business units, cloud agents and asset groups as branches. Show meShow me

Tag tree in assetview app.

As tags are added and assigned, this tree structure helps you manage your assets by mimicking organizational relationships within your enterprise.

A benefit of the tag tree is that you can assign any tag in the tree to a scan or report.

Adding Child Tags

You'll add a child tag from Quick Actions menu for a tag. You can create maximum 8 tag levels and 100 child tags for a parent tag.

Saving tags

When you save your dynamic tag, we apply it to all scanned hosts that match the rule you defined. You can filter the assets list to show only those that match your new tag rule.

When you save your static tag, you can apply it to your asset from the Inventory tab.

Tell me about tag rules

When you create a tag, you can configure a tag rule for it. The rule is used to evaluate asset data returned by scans. When asset data matches a tag rule we'll automatically add the tag to the asset. Whenever you add or edit a dynamic tag based on any rule, if the "Evaluate Rule on Creation" check box is not selected, the tag evaluation for a given asset will happen only after that asset is scanned later.

Whenever a new dynamic tag is created or an existing tag is modified, the tags are automatically queued for auto-evaluation. You need not manually initiate a rule evaluation.

How do I view tag details?

Go to the Tags tab and click View under Quick Actions menu for a tag. The view mode for screens displays with tag details and activity details for the tag. You can edit, mark as favourite, and delete the tag from this mode from Actions menu.

How do I view whether the tag re-evaluation is completed or not while creating or updating a tag with a dynamic rule?

Once you’ve created or updated a tag with a dynamic rule, re-evaluating the tag can take a while in a large environment. However, you can see your latest tag re-evaluation on the tag list page under the REEVAL STATUS tab.

The following are the statuses you can view on the tag details page.

In progress: In this state, the assets are getting attached to the tag. The tag is evaluating, and assets are being added to the tag.

Completed: When all the assets are added to the tag and the process is completed. The tag has finished evaluating the assets.

How do I view Action logs details?

To view all the action log details, go to the Tags tab and click View under Quick Actions menu > Click Action Log.

How do I move tags to root?

Go to the Tags tab and click Move to root under Quick Actions menu for a child tag. Once you perform 'Move to root' action, child tag will be moved to parent tag and carries all the children under it while moving to root.

Tell me about tag filters?

Go to the Tags tab and you can see Filters dropdown. You can filter the list of tags using favourite, not in use, and in scope checkbox. You can also filter tags based on the color applied to tags.

Tell me about favorites

If there are tags you assign frequently, adding them to favorites can save time. You can mark a tag as a favorite when adding a new tag or when editing an existing one. If a tag is already favourite, you can see an option to remove from favourite.

How do I find out what assets have a tag?

It's easy. Say you want to find assets with the tag "Windows All".
- Go to the Assets tab under Inventory menu, enter "tags" (no quotes) in the search field
- Select "tags.name" and enter your query: tags.name: Windows All
- Then press Enter button from your keyboard

You can also find the list of assets from Tags menu. From Quick Actions menu for a tag, click Find Assets and you can see list of assets associated with the tag.

Tags for cloud instances

Its easy to group your cloud assets according to the cloud provider they belong to. Tags are applied to assets found by cloud agents (AWS, AZURE, GCP), AssetView (EC2, Azure connectors), and TotalCloud (AWS, Azure, GCP connectors).

The query used during tag creation may display a subset of the results shown when the same query is run in the Assets tab. This is because the query in the Tag Creation wizard is always run in the context of the selected cloud provider.

For example the following query returns different results in the Tag Creation wizard and Asset search:

not aws.ec2.publicIpAddress is null

You must provide the cloud provider information in the Asset search to get results for a specific cloud provider.

provider:AWS and not aws.ec2.publicIpAddress is null

Similarly, use provider:Azure and provider:GCP for the respective cloud providers.

How to remove tags from the Asset details page?

Navigate to Inventory > Assets and then click View Details under the Quick Actions menu for an asset. You are navigated to the Asset Summary of that asset. You can see the tags assigned to that asset.

Asset Summary tab.

You can remove only static tags assigned to the asset. you cannot remove dynamic and system-defined tags assigned to that asset. As shown in the following screen capture, the Remove Tag option is shown only for a static tag. By clicking Remove Tag, you can remove the static tag from the Asset Details page. 

Remove Static Tag

How to View and Edit tags from the Asset Details Page?

You can view and edit static and dynamic tags from the Asset Summary tab on the “Asset Details” page. When you click View, a new "Tag Details" page opens, unlike the earlier release, wherein you could see the tag details in the pop-up window.

Note: When you click ctrl + View, the “Tag Details” page opens in the next tab.

View tags.

You can see the tag details on the "Tag Details" page. Also, you can edit or mark the tag as a favorite by clicking Actions from the “Tag Details” page. 

Tag details page.

Enhanced Select Tags Page

The “Select Tags” page is modified to enhance the user experience. This page is used from multiple tabs to execute various operations. Also, the “Select Tags” page is used across Qualys products. 

See the following screen capture that shows the “Select Tags” page.

Select tags.

- A Recent & Favorites tab is added to the Select Tags page. As shown in the screen capture, from the Recent & Favorites tab, you can see tags categorized as Recent Tags and Favorite Tags. After selecting the required tag, it is also shown in the Selected Tags section. 
- No changes are made to the search functionality from the All Tags tab. You can search for the tag by entering a complete tag name or its substring, and parent and child tags for which the search string matches are shown. 

-  The Show Tags in the User Scope checkbox is added to the Select Tags page under the All Tags tab. 

Note that this enhancement will be available after the RX 2.28.0 release.

This implementation ensures that the non-manager users, such as sub-users, can access only those assets the Manager role has explicitly granted.


Tag-specific Permissions to Sub-Users

-  Sub-users cannot create a child tag for a tag added to its scope.

-  Sub-users do not require edit permission to edit a tag they created. However, delete permission is necessary to delete the tag.

-  When the Show Tags in User Scope check box is selected, the tags in your scope are listed. 

-  When the Show Tags in User Scope check box is cleared, you can see all tags in the subscription. The tags that are outside your scope are shown with a lock symbol.

Tag Selector Enhancements.

Adding multiple static tags to assets in bulk

You can add static tags to a maximum of 10K assets in one action.

To add static tags to assets, go to the Inventory tab and click the check box next to the Actions menu. You can see the number of assets selected. Click Add Tags from the Actions list. From the Select Tags popup, select the static tags you want to add to the selected assets.

Add multiple static tags.

 

Select tags.

The number of tags you can add to assets depends on the number of assets you selected. Refer to the following table for more details.

Assets Selected

Permissible Number of Tags for Addition

More than 5000

1

3000 to 4999

2

1000 to 2999

3

500 to 999

10

200 to 499

20

Differentiation between IP-based and NIC-based tag types

Asset Group and Business Unit Tags will exclusively utilize the Primary IP address. For Dynamic IP address range and Network Tags, all IP addresses associated with multi-NIC hosts will be considered.

Additional Resources

Tag your Amazon EC2 instances

Tag your Microsoft Azure instances

Tag your Google Cloud Platform instances