Tags: Overview

This article reviews tags, project tags, and how to tag findings.

Tags in Ivanti Neurons can be applied to assets, web applications, and vulnerabilities. Tags are useful in the following areas:

As a “soft grouping” mechanism:

Groups are a way to segment your asset and web application data. You can use tags to add another layer of segmentation to your data. For example, if your groups are based on location, you can use tags to identify the device type.

To create a workflow:

Ivanti Neurons has an in-built remediation workflow, but you may find that you want to either add steps to the remediation workflow or create a different workflow. For example, if you have an internal policy that two approvals are required to accept the risk of high severity vulnerabilities on critical servers, you can require users to add a tag to those vulnerabilities. Users can then easily filter for vulnerabilities that are in the Awaiting Acceptance step of the workflow and additionally by the designated tag.

Tags can also be used to create a workflow. For example, if any user believes that an asset has been retired or is no longer on the network, they can apply a “Potential Delete” tag to those assets. A designated user responsible for the management of assets in RiskSense can then easily filter by this tag and delete or regroup assets accordingly.

To identify compliance-related assets:

Tags can be applied to assets that are significant for compliance purposes, such as HIPAA or PCI. It is then easy to filter for these assets (both in the list views and dashboards) and assess their risk separately from the rest of the network environment.

Project Tags: Project Tags are a special tag type that can have a priority set on them (used for sorting) and can also have a start date and due date. From the Tags page, project tags can be viewed according to their due dates and start dates, in addition to percent complete and other finding information. Project tags can also be set as PCI. Once a project tag is set and saved as PCI, the date and its status as PCI cannot be changed. The PCI tag will then look at hosts and the corresponding vulnerabilities’ Discovered on dates, tagging findings around the set date range.