Tags Page: Overview

A high-level overview of the Tags page in RiskSense.

The Tags view provides a single pane of glass to drive effective remediation and track remediation efforts by projects, regulatory compliance, configuration management databases (CMDB), or other use cases. This page allows users to tag vulnerability findings, hosts, web applications, or databases to create custom groupings that users can track through remediation. The RiskSense platform lets managers and group managers create new tags that define remediation projects with a specific duration. They may then explicitly tag host and web application vulnerabilities that will be included within the project's priorities and scope of remediation efforts. Project owners may also choose to add new vulnerabilities dynamically to a project, automatically adding new vulnerabilities discovered for selected hosts or web applications.

The Tags page allows for displaying, creating, editing, and deleting tags, including a new tag type for RiskSense Tag projects. The page also provides a summary of activities involving all previously created tags.

Navigate to the Manage > Tags page.

Manage - Remediation - Tags

Within the Tags view, we have several navigation points to review.

Page Action Boxes

  • Refresh ( ): Refresh the page within the platform.
  • Export: Export the tags and the information within Tags.
  • Create: Create a new tag.
  • Edit: Edit a tag and its details; the owner must unlock it to do this.
  • Delete: Delete a tag.

Column Headers

  • Checkbox: Checking a tag allows the tag to be edited and opens a detail window on the right-hand side with all the tag information, metrics, and history.
  • Read Only: If the tag imports from a scanner, this would be Read Only (true); any RS/user-created tag is false.
  • Locked: Indicate if the tag owner has locked the tag from other users editing the tag or its finding applications.
  • Color: Color assigned to the tag during its setup.
  • Tag Type: The type of tag–Compliance, Location, Custom, Remediation, People, Project, Scanner, CMDB, and Ticket.
  • Owner: The RiskSense user who set up the tag.
  • Name: Tag name.
  • Description: (Optional) The description the owner entered about the tag’s purpose.
  • Priority: (Project tags only) Priority setting 1-5 (5 being the highest priority).
  • Start Date: (Project Tags Only) Date set for the project to start that also factors into Planned Variance and Scheduled Variance calculations.
  • Due Date: End date of the project that also factors into calculations for Planned Variance and Scheduled Variance

  • % Complete: Percentage of total findings with the tag that have been remediated.
  • Days Remaining: Relates to start date and due date; shows how many days are left to complete the project based on the
  • Open Findings: Number of findings within the tag that are still unresolved.
  • Host Findings: Open host findings with this tag.
  • App Findings: Open application findings with this tag.
  • DB Findings: Open findings on the database.
  • Earned Value (EV): Number of findings within the tag that are closed at this time.
  • Planned Value (PV): How many findings should be closed/remediated per day to stay on track (Example: We have 100 findings to remediate in 25 days; the PV would be 4 (four per day need to be remediated).
  • Schedule Variance (SV): Calculates how “on track” a project is to on-time completion, how many findings ahead or behind a project is, looking towards PV/Planned Value (Example: If the team is supposed to remediate four findings per day, and I only remediate three per day…on day 2 of my project, I would be -1. On Day 2, I would be -2. If on Day 3, if I do nothing at all, I would be -6).  It could also be positive if remediations per day run ahead of schedule. This will be 0 if remediations are right on track (Example: We need to remediate four per day, and we remediate four per day).
  • Schedule Performance Index (SPI): A scale to show how on track a remediation project is. If everything is on track, SPI=1.00. Ahead of schedule would go above 1; behind schedule would fall below 1.
  • Assigned Users: This shows all users assigned to findings with this tag.

  • Data Refresh: All updates before timestamp included in tag data.
  • Created: Tag creation timestamp.
  • Updated: The last time the tag itself was updated (owner added, locked/unlocked, name change, etc.).
  • Assigned: Total findings assigned to a user.
  • Unassigned: Total findings not assigned to a user.
  • Accepted: Total findings in an Accepted state.
  • False Positive: Total findings in a False Positive state.
  • Attachment: Total attachments associated with the tag.
  • Propagation: Denotes if the asset tag should be applied to all its findings.
  • PCI: Denotes if the tag is a PCI tag.