Tags Page: Overview

High-level overview of the Tags page.

The Tags view (formerly Collections Manager) provides a single pane of glass to drive effective remediation and track the progress of remediation efforts by projects, regulatory compliance, configuration management databases (CMDB), or other use cases. This page allows users to tag vulnerability findings, hosts, web applications, or databases to create custom groupings that can be tracked through remediation. The RiskSense platform lets managers and group managers create new tags that define remediation projects with a specific duration. They may then explicitly tag host and web application vulnerabilities that will be included within the priorities and scope of remediation efforts for the project. Project owners may also choose to add new vulnerabilities dynamically to a project, automatically adding new vulnerabilities discovered for selected hosts or web applications.

The Tags page allows for displaying, creating, editing, and deleting tags, including a new tag type for RiskSense Tag projects. The page also provides a summary of activity involving all previously created tags.

Navigate to the Settings (Settings Menu - Gear - Small) > Tags page.

Tags Menu Location

Within the Tags view, we have several navigation points to review.

Page Action Boxes

  • Refresh ( ): Refresh the page within the platform.
  • Export: Export the tags and the information within Tags.
  • Create: Create a new tag.
  • Edit: Edit a tag and its details; must be unlocked by owner to do this.
  • Delete: Delete a tag.

Column Headers

  • Checkbox: Checking a tag allows the tag to be edited and opens a detail window on the right-hand side with all the information about the tag, its metrics, and tag history.
  • Read Only: If tag imports from a scanner, this would be Read Only (true); any RS/user created tag is false.
  • Locked: Indicate if the owner of the tag has locked the tag from other users editing the tag or its finding applications.
  • Color: Color assigned to the tag during its setup.
  • Tag Type: The type of tag–Compliance, Location, Custom, Remediation, People, Project, Scanner, CMDB, and Ticket.
  • Owner: The RiskSense user who set up the tag.
  • Name: Tag name.
  • Description: (Optional) The description the owner entered about the tag’s purpose.
  • Priority: (Project tags only) Priority setting 1-5 (5 being highest priority).
  • Start Date: (Project Tags Only) Date set for the project to start that also factors into calculations for Planned Variance and Scheduled Variance.
  • Due Date: End date of project that also factors into calculations for Planned Variance and Scheduled Variance

  • % Complete: Percentage of total findings with the tag that have been remediated.
  • Days Remaining: Relates to start date and due date; shows how many days are left to complete the project based on the
  • Open Findings: Number of findings within the tag that are still unresolved.
  • Host Findings: Open host findings with this tag.
  • App Findings: Open application findings with this tag.
  • DB Findings: Open findings on the database.
  • Earned Value (EV): Number of findings within the tag that are closed at this time.
  • Planned Value (PV): How many findings should be closed/remediated per day to stay on track (Example: We have 100 findings to remediate in 25 days; the PV would be 4 (four per day need to be remediated).
  • Schedule Variance (SV): Calculates how “on track” a project is to on-time completion, how many findings ahead or behind a project is, looking towards PV/Planned Value (Example: If the team is supposed to remediate four findings per day, and I only remediate three per day…on day 2 of my project, I would be -1. On Day 2, I would be -2. If on Day 3, if I do nothing at all, I would be -6).  Could also be positive if remediations per day runs ahead of schedule. This will be 0 if remediations are right on track (Example: We need to remediate four per day, and we remediate four per day).
  • Schedule Performance Index (SPI): A scale to show how on track a remediation project is. If everything is on track, SPI=1.00. Ahead of schedule would go above 1; behind schedule would fall below 1.
  • Assigned Users: Shows all users assigned to findings with this tag.

  • Data Refresh: All updates prior to timestamp included in tag data.
  • Created: Tag creation timestamp.
  • Updated: The last time the tag itself was updated (owner added, locked/unlocked, name change, ect).
  • Assigned: Total findings assigned to a user.
  • Unassigned: Total findings not assigned to a user.
  • Accepted: Total findings in an Accepted state.
  • False Positive: Total findings in a False Positive state.
  • Attachment: Total attachments associated with the tag.
  • Propagation: Denotes if the asset tag should be applied to all its findings.
  • PCI: Denotes if the tag is a PCI tag.