Managing tags for vulnerabilities and assets
NEW IN 3.0.01 You can associate a tag with a combination of vulnerability and asset. A tag is a key/value pair. For example, a tag could be called Services and its potential values could be a list of services. Certain values could be applied to an asset and vulnerability pair that supports the related services. When you import a tag, it is associated with an asset (SCAN HOST column on the Assets page), and not a target (Name column on the Assets page).
You can view a list of tags associated with a combination of vulnerabilities and assets that are present in the system, on the Tags tab of the Administration page. This page also shows the tags that are associated only with assets.
- If a tag associated with an asset already exists in the system, you cannot import a tag with the same name and associate it with a combination of vulnerability and asset.
- The Assets page and Exception Management page shows only the tags that are associated with assets, not the tags that are associated with a combination of vulnerability and asset.
This topic describes how to associate tags with a combination of vulnerability and asset.
Formatting tag files
To be certain the CSV files you want to import are properly formatted, download the template file, attached to this page.
Vulnerability and asset template
The vulnerability and asset template uses the following format:
|Vulnerability Name||CVE IDs|
|Red Hat Update for axis||CVE-2014-3596|
|Red Hat Update for firefox|
|Red Hat Update for procmail|
Each tag (Tag Name and Tag Value) is associated with a combination of vulnerability and asset identified by the first five columns. Not all five columns are mandatory. If you do want to provide value in one of the columns, leave the value cell blank and retain the column header.
The following are valid combinations to identify a vulnerability and asset pair:
- Hostname, IP Address, Domain Name, Vulnerability Name, CVE IDs
- Hostname, IP Address, Domain Name, Vulnerability Name
- Hostname, IP Address, Domain Name, CVE IDs
- Hostname, IP Address, Vulnerability Name
- Hostname, IP Address, CVE IDs
- Hostname, Domain Name, Vulnerability Name
- Hostname, Domain Name, CVE IDs
- Hostname, Vulnerability Name
- Hostname, CVE IDs
- IP Address, Vulnerability Name
- IP Address, CVE IDs
Values in the Tag Name and Tag Value columns are mandatory.
If there are multiple values for a tag, separate them with semicolons.
If a tag value contains double quotes, escape the double quote with another double quote and enclose the entire tag values string within double quotes. For example, the following tag values:
Server "DELETED" 1; Server 2
Should be added as:
"Server ""DELETED"" 1; Server 2"
When importing tags, remember the following basic concepts:
- If a vulnerability name contains any special characters (for example, comma or space), enclose the name in double quotation marks.
- If you provide both vulnerability name and CVE IDs, vulnerability name is considered for import and tagging. If you do not provide the name, CVE IDs are considered for tagging.
- Each tag name or tag value in the import file must be a maximum of 255 characters.
- You can tag all the assets for a given vulnerability by specifying ALL in the Hostname, IP Address and Domain Name columns.
- Tag keys are automatically converted to upper case. Tag key values can be mixed case. For example, "Oracle DB" and "oracle DB" are considered to be the same value.
- An import will not affect existing tags and their values if the new import does not include that tag. You can import the same tag file repeatedly without affecting the tags defined in your system.
An import with a particular tag/value pair will overwrite the same tag/value pair if it already exists. For example, if a tag is called Owner and its current value is Betty and then you import the same tag with a value of Joe, the result is a tag called Owner and the value is Joe.
Starting from version 3.0.01, the result is a tag called Owner and its value is Betty, Joe.
- A CSV file used to import tag data can use UTF-8 encoding.
When you import tags, you can monitor the progress of the import with the Activity Status window.
Sometimes a tag import may be only partially completed. If any lines in the CSV file are formatted improperly, those lines are skipped during the import while valid lines continue to be imported. In the Activity Status window, the More Information message for an import provides detailed error information about invalid lines.
To import tags
In version 3.0.01, you can use the Vulnerability Tagging REST API to import tags that you want to associate with a combination of vulnerability and asset. When using the REST API to import the formatted tag file, attach the CSV file.