Tags: Overview

This article reviews tags, project tags, and how to tag findings.

Tags in RiskSense can be applied to assets, web applications, and vulnerabilities. Tags are useful in the following areas:

As a “soft grouping” mechanism:

Groups are a way to segment your asset and web application data. You can use tags to add another layer of segmentation to your data. For example, if your groups are based on location, you can use tags to identify the device type.

To create a workflow:

RiskSense has an in-built remediation workflow, but you may find that you want to either add steps to the remediation workflow or create a different workflow. For example, if you have an internal policy that two approvals are required to accept the risk of high severity vulnerabilities on critical servers, you can require users to add a tag to those vulnerabilities. Managers can then easily filter for vulnerabilities that are in the Awaiting Acceptance step of the workflow and additionally by the designated tag.

Tags can also be used to create a workflow. For example, if any user believes that an asset has been retired or is no longer on the network, they can apply a “Potential Delete” tag to those assets. A designated user responsible for the management of assets in RiskSense can then easily filter by this tag and delete or regroup assets accordingly.

To identify compliance-related assets:

Tags can be applied to assets that are significant for compliance purposes, such as HIPAA or PCI. It is then easy to filter for these assets (both in the list views and dashboards) and assess their risk separately from the rest of the network environment.

Project Tags: Project Tags are a special tag type that can have a priority set on it (used for sorting) and can also have a start date and due date. From the Tags page, project tags can be viewed according to their due dates and start dates, in addition to percent complete and other finding information. Project tags can also be set as PCI. Once a project tag is set and saved as PCI, the date and its status as PCI cannot be changed. The PCI tag will then look at hosts and the corresponding vulnerabilities’ Discovered on dates, tagging findings around the set date range.

CREATING TAGS

Option 1: Within the Hosts or Findings Screens

First, select finding(s) or host(s)to tag by checking the box next to the finding/host.

Move up to the "Tags" dropdown box.  You can either click on an existing tag you wish to apply, or hit the Create button to "Create" a new tag.

The Create Tag box will display the options you have when creating the tag.  Additional information about each field is provided below.

Tag Type: Variety of options to choose from. Project tags have a special additional workflow (More on project tags below).

Name: Tag name.

Description: Optional tag description.

Owner: Sometimes the user that created tag, but others can be added or removed.

Color: Assign a color to the tag for easy identification.

Locked: Tags can be locked so that no one else can edit its settings (checked) or unlocked (unchecked), allowing anyone to edit.

Propagate Asset Tag to All Findings: Uncheck this box to only apply tag to the asset. If checked, the tag will be applied across all findings on the host/asset.

The created tag will appear in the Tag page's list of tags and can now be assigned to findings. The tag will also be applied to the selected finding(s) or Host(s).

PROJECT TAGS

Project Tags are a special type category for tags. Use project tags to create a framework and timeline around remediation and users assigned to the finding.

In the Create Tag menu, set the Tag Type to Project, and fill in the other boxes below. Notice that when set to the Project tag type, a few new boxes pop up specifically for a project tag. "Start Date" and "Due Date"  are specific to Project tags to ensure that the user has a way to track remediation timelines of findings. More descriptions of the fields in this section are below.

  • Tag Type: Drop-down menu to categorize tags; good for filtering or starting project tags.

  • Name: Name of the tag (or project for project tags).

  • Description: (Optional) Additional tag description.

  • Priority (New): Scale of 1-5. Easy way to filter for high-priority tags/projects, if needed.

  • Owner: Creator of the tag.

  • Start Date (New): Project start date.

  • Due Date (New): Project end date.

  • Color: Another designation that can be applied to a tag

  • Locked: Only the owner or owners can unlock the tag. Once locked, nobody (including the owner) can add/remove assets to this tag. The owner can unlock the tag to add additional hosts.

  • Propagate Asset Tag to All Findings: Unclick to only apply tag to the Asset. If Checked the tag will be applied across all findings on an Asset.

  • PCI: Once a project tag is set and saved as PCI, the date and its status as PCI cannot be changed. The PCI tag will then look at hosts and the corresponding scans for those assets. The FIRST scans will be reviewed by the tag and each asset’s findings will be tagged if they fall within the range set for the Project/PCI tag. After the date on the project passes, the tag will lock.

After clicking Submit, selected hosts and findings are applied to this new project tag as part of the project.