Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Managing tags for vulnerabilities and assets


New in 3.0.01 You can associate a tag with a combination of vulnerability and asset. A tag is a key/value pair. For example, a tag could be called Services and its potential values could be a list of services. Certain values could be applied to an asset and vulnerability pair that supports the related services. When you import a tag, it is associated with an asset (SCAN HOST column on the Assets page), and not a target (Name column on the Assets page).

You can view a list of tags associated with a combination of vulnerabilities and assets that are present in the system, on the Tags tab of the Administration page. This page also shows the tags that are associated only with assets. 

Note

If a tag associated with an asset already exists in the system, you cannot import a tag with the same name and associate it with a combination of vulnerability and asset.

The Assets page and Exception Management page shows only the tags that are associated with assets, not the tags that are associated with a combination of vulnerability and asset.

This topic describes how to associate tags with a combination of vulnerability and asset. 

Formatting tag files

To be certain the CSV files you want to import are properly formatted, download the template file, attached to this page.

Vulnerability and asset template

The vulnerability and asset template uses the following format:

Hostname

IP Address 

Domain Name

Vulnerability Name

CVE IDs

Tag Name

Tag Value

vl-pun-01

xxx.xxx.xxx.xxx

calbro.com

Red Hat Update for axis

CVE-2014-3596

Application

Banking

vl-hou-01

xxx.xxx.xxx.xxx

calbro.com

Red Hat Update for Firefox

CVE-2015-9716, CVE-2015-2708

Owner

Joe; Betty

vw-aus-01

xxx.xxx.xxx.xxx

calbro.com

Red Hat Update for procmail

CVE-2014-3618

Services

Facilities

Each tag (Tag Name and Tag Value) is associated with a combination of vulnerability and asset identified by the first five columns. Not all five columns are mandatory. If you do want to provide value in one of the columns, leave the value cell blank and retain the column header.  

The following are valid combinations to identify a vulnerability and asset pair:

  • Hostname, IP Address, Domain Name, Vulnerability Name, CVE IDs
  • Hostname, IP Address, Domain Name, Vulnerability Name
  • Hostname, IP Address, Domain Name, CVE IDs
  • Hostname, IP Address, Vulnerability Name
  • Hostname, IP Address, CVE IDs
  • Hostname, Domain Name, Vulnerability Name
  • Hostname, Domain Name, CVE IDs
  • Hostname, Vulnerability Name
  • Hostname, CVE IDs
  • IP Address, Vulnerability Name
  • IP Address, CVE IDs

Values in the Tag Name and Tag Value columns are mandatory. 

If there are multiple values for a tag, separate them with semicolons.

Note

If a tag value contains double quotes, escape the double quote with another double quote and enclose the entire tag values string within double quotes. For example, the following tag values:

Server "DELETED" 1; Server 2

Should be added as:

"Server ""DELETED"" 1; Server 2"

Importing tags

When importing tags, remember the following basic concepts:

  • If a vulnerability name contains any special characters (for example, comma or space), enclose the name in double quotation marks.
  • If you provide both vulnerability name and CVE IDs, vulnerability name is considered for import and tagging. If you do not provide the name, CVE IDs are considered for tagging.
  • Each tag name or tag value in the import file must be a maximum of 255 characters. 
  • You can tag all the assets for a given vulnerability by specifying ALL in the HostnameIP Address and Domain Name columns.
  • Tag keys are automatically converted to upper case. Tag key values can be mixed case. For example, "Oracle DB" and "oracle DB" are considered to be the same value.
  • An import will not affect existing tags and their values if the new import does not include that tag. You can import the same tag file repeatedly without affecting the tags defined in your system.
  • An import with a particular tag/value pair will overwrite the same tag/value pair if it already exists. For example, if a tag is called Owner and its current value is Betty and then you import the same tag with a value of Joe, the result is a tag called Owner and the value is Joe. 

    Note

    Starting from version 3.0.01, the result is a tag called Owner and its value is Betty, Joe.

  • A CSV file used to import tag data can use UTF-8 encoding.

When you import tags, you can monitor the progress of the import with the Activity Status window.

Sometimes a tag import may be only partially completed. If any lines in the CSV file are formatted improperly, those lines are skipped during the import while valid lines continue to be imported. In the Activity Status window, the More Information message for an import provides detailed error information about invalid lines. 

To import tags

In version 3.0.01, you can use the Vulnerability Tagging REST API to import tags that you want to associate with a combination of vulnerability and asset. When using the REST API to import the formatted tag file, attach the CSV file. 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*