Asset Tags - The Basics

Selecting tags

For Scans

For Remediation

For Reports

With Asset Search


Check out this video on using asset tags:


I don't see asset tags. How do I get this feature?

The option to use tags is available only when the Asset Tagging feature has been added to your subscription by an account manager or support. Also a Manager must enable Asset Tagging by opting in to the New Data Security Model. A Manager can do this by going to Users > Setup > Security. Once properly set up, you'll notice AssetView appears in your application picker. Learn more

How do I add tags to my target?

Click the Add Tag link. The tag selector appears with your most recent tags and favorite tags displayed for your convenience. To find a tag, begin typing the tag name in the Search field. The service will dynamically display tags that match your entry. Click a tag to select it. Click outside the tree to add the selected tags. The example below shows the tags Win2003 and Windows XP selected. Show meShow me

Tag selector

Tell me about the "Any" and "All" options

Select "All" to include hosts that match all of the tags listed. Select "Any" to include hosts that match at least one of the tags listed. For example, let's say you've selected tags US-West Coast, Windows XP and Port80. If you pick All then only hosts that have all three tags will be included. If you pick Any then hosts that have at least one of the tags will be included.

How do I exclude hosts using tags?

Add tags to the "Do not include" section under "Use IP Network Range Tags For Exclude". For example, you might include a tag called US-West Coast and exclude the tag California. Any host that has the California tag will be excluded from the scan even if it also has the US-West Coast tag.

How do I select asset tags to scan?

When specifying target hosts, select the option "Tags" and then add one or more asset tags for the hosts you want to scan. All tags available in your subscription will be displayed since all tags are available to all users. At scan time, we'll identify the hosts that match your tag selection. Hosts that are not in your account will be filtered out and will not be scanned.

Tell me about scanning tags with IP addresses

You have the option to scan all IP addresses defined in tags. You do this by selecting the option "Use IP Network Range Tags Include" and then adding tags from the tag selector. Only tags with the dynamic IP address rule (called "IP Address In Network Range(s)") can be added when this option is selected. Show me a sample use caseShow me a sample use case

Sample Use Case:

Let's say you have a tag called My Network with the IP range 172.31.254.0-172.31.254.25. You've scanned IPs 172.31.254.10 and 172.31.254.20 before and so these hosts have the My Network tag assigned. The other IPs in the range have not been scanned before and do not have the tag.

Select the option "Use IP Network Range Tags Include" and add the My Network tag to scan the entire IP range 172.31.254.0-172.31.254.25. Hosts in the range that are scanned for the first time will be applied the tag automatically.

If you do not select the option "Use IP Network Range Tags Include", then only hosts 172.31.254.10 and 172.31.254.20 will be scanned because these hosts have been scanned before.

Why can't I select certain tags for my scan?

When the "Use IP Network Range tags" option is checked then you may only choose tags that have the IP address rule defined. All other tags will be grayed out and cannot be selected.

Select tags in authentication records

When Tag Support for Authentication Records is enabled for your subscription, then you'll have the option to add asset tags to Windows and Unix authentication records to define the target hosts. At scan time, we’ll resolve the asset tags in the record to IP addresses in your account and scan them using the login credentials defined in the record.  Learn more

How do I select asset tags for my policy?

When specifying rule conditions, select the option "Tags" and then add one or more asset tags for the hosts you want to include in the rule. All tags available in your subscription will be displayed since all tags are available to all users. If you need to include cloud agent, use "Cloud Agent" tag. When processing scan results, we'll identify the hosts that match your tag selection and compare the results to your remediation policy rule.

How to include IP range(s) using tags

Like with scans, the "Use IP Network Range Tags Include" option lets you select tags with IP address rules. For each tag you select, we'll include the entire IP range (or IP ranges) defined in the tag rule, and we'll evaluate the remediation policy against any scanned host in the IP range(s).

How to exclude IP range(s) using tags

The "Use IP Network Range Tags Exclude" option lets you select tags with IP address rules. For each tag you select, we'll exclude the entire IP range (or IP ranges) defined in the tag rule from scan.

How do I select asset tags for my report

Under Report Source, select one or more tags for the hosts you want to report on. All asset tags available in your subscription will be displayed since all tags are available to all users. When the report runs, we'll resolve the tags to hosts and report only on hosts that are in your account. For Policy reports, only hosts that are included in the selected policy are included in the report.

Which reports support asset tag selection?

You can use asset tags for: Authentication Report, Scan Report, Patch Report, Template Based Compliance Report and Remediation Report, Most Prevalent Vulnerabilities Scorecard Report and Most Vulnerable Hosts Scorecard Report. For a template-based Scan Report, the report template must be configured to include host-based findings.

Tell me about tags displayed in my report

Tags appear in template-based scan reports when tags are used to generate the report. For each host in the report, you’ll see the tag(s) that matched the tags specified in the Report Source as well as other tags assigned to the host.

For example, let's say host 10.10.10.65 has these 3 tags assigned: 10.10.10-network, Linux and Milwaukee. Milwaukee is a child tag of USA. If you run a report on the tag USA then host 10.10.10.65 appears in the report (since it is the parent tag of Milwaukee) and the tags listed for this host are USA, 10.10.10-network, Linux and Milwaukee.

How do I search for hosts using tags?

Go to Assets > Asset Search. Under "Search for" select the option "Tags" and then add one or more asset tags. Under "With the following attributes" define the search attributes you'd like to use to find hosts.

How do I create new tags from asset search?

Go to Assets > Asset Search. Under "Search for" select the option "Assets" and add the hosts you want to search. Under "With the following attributes" define the search attributes you'd like to use. Then use one of these methods to create your tag:

1) On the Asset Search tab, click the Create Tag button.

2) In the Asset Search Report, click the Create Tag button.

What happens next? We'll create the new the tag with a dynamic tagging rule based on your search criteria. Within the Asset Tagging application, the new tag appears in your tag tree as a sub-tag below the "Asset Search Tags" parent tag. The new tag is automatically assigned to all scanned assets in your account that match your search criteria.

Tell me about tags displayed in my asset search results

Tags appear for each host in your asset search results when tags are used in the search. For each host in the results, you’ll see the tag(s) that matched the tags specified in the search criteria as well as other tags assigned to the host.

For example, let's say host 10.10.10.65 has these 3 tags assigned: 10.10.10-network, Linux and Milwaukee. Milwaukee is a child tag of USA. If you do a search for the tag USA then host 10.10.10.65 is returned in the results (since it is the parent tag of Milwaukee) and the tags listed for this host are USA, 10.10.10-network, Linux and Milwaukee.