Create a Tag Rule

Required Tenable Vulnerability Management User Role: Scan Manager or Administrator

Required Tenable Vulnerability Management Permission: Can Edit, Can Use permission for applicable asset tags.

When you create or edit a tag to apply automatically, you must create and apply rules to the tag via tag rules filters. You can create a tag rule in either Basic or Advanced mode.

Caution: If you create a tag rule in Basic mode and then switch to Advanced mode, the rules you created appear in the Advanced mode format. However, if you switch from Advanced mode to Basic mode, Tenable Vulnerability Management removes all rules from the rules section.

Note: When you create a tag from the Tagging page, you can select from a list of generic asset filters to create tag rules. If you want to create a tag based on filters that are specific to certain asset types, Tenable recommends that you create a tag from the Assets page, where you can select additional filters that are specific to each asset type.

For more information about applying tags automatically, see Considerations for Tags with Rules.

Before you begin:

• Create or edit a tag.

To create and add a rule to a tag:

1. In the upper-left corner, click the button.

   The left navigation plane appears.

2. In the left navigation plane, click Settings.

   The Settings page appears.

3. Click the Tagging tile.

   The Tags page appears. On this page, you can view your asset tag categories and values.

   The Categories tab is active.

4. Click the Values tab.

   The Values page appears, containing a table of all the tags on your Tenable Vulnerability Management instance.

5. Click the Rules toggle to enable the rule settings.

   The Rules section appears.

6. For each tag rule you want to create, do one of the following:

   Note: Basic mode is active by default.

   To create a tag rule in Basic mode:

   1. In the Rules section, click Select Filters.

      A drop-down box appears, listing the tag rule filter options.

      Note: Each tag rule filter has different limits on the number of values you can apply to a single filter. For information about those limits, see Tag Rules Filters.

   2. Select a filter.

      The filter you select appears in the Rules section.

   3. Click outside the drop-down box.

      The drop-down box closes.

   4. In the filter, click the button.

      The filter expands.

   5. In the first drop-down box, select the operator you want to apply to the filter.

   6. In the second drop-down box, select or type one or more values for the filter.

   7. (Optional) To create another rule, repeat the steps to create a tag in Basic mode.

   8. (Optional) To create another rule:
      

      1. Repeat the steps to create a tag rule in Basic mode.

      2. In Rules section, in the Match Any drop-down box, do one of the following:

         • To apply the tag to assets that match any of the rules, select Match Any.

           An OR operator appears between each rule, and Tenable Vulnerability Management applies the tag to assets that meet any of the rules specified in the tag.

         • To apply the tag to only assets that match all of the rules, select Match All.

           An AND operator appears between each rule.

           Tenable Vulnerability Management applies the tag to only assets that meet all of the rules specified in the tag.

   To create a tag rule in Advanced mode:

   1. In the Rules section, click Advanced.

      A text box appears.

   2. Place your cursor in the text box.

      A drop-down box appears, listing the tag rule filter options.

      Note: Each tag rule filter has different limits on the number of values you can apply to a single filter. For information about those limits, see Tag Rules Filters.

      Note: If there is a typo in the tag rule, an error will appear in the Rules box with a description of the issue.

   3. Select or type the filter you want to apply.

      Tip: You can use the arrow keys to navigate filter drop-down boxes, and press the Enter key to select an option.

      The filter appears in the text box.

      An operator drop-down box appears to the right of the filter.

   4. Select one of the following operators, which are contextual based on the selected filter:

      Note: If you want to filter on a value that starts with (') or ("), or includes (*) or (,), then you must wrap the value in quotation marks (").

   Operator	Description
   exists	Filters for items for which the selected filter exists.
   does not exist	Filters for items for which the selected filter does not exist.
   is equal to	Filters for items that match the filter value.
   is not equal to	Filters for items that do not include the filter value.
   is greater than is greater than or equal to	Filters for items with a value greater than the specified filter value. If you want to include the value you specify in the filter, then use the is greater than or equal to operator.
   is less than is less than or equal to	Filters for items with a value less than the specified filter value. If you want to include the value you specify in the filter, then use the is less than or equal to operator.
   within last	Filters for items with a date within a number of hours, days, months, or years before today. Type a number, then select a unit of time.
   after	Filters for items with a date after the specified filter value.
   before	Filters for items with a date before the specified filter value.
   older than	Filters for items with a date more than a number of hours, days, months, or years before today. Type a number, then select a unit of time.
   is on	Filters for items with a specified date.
   between	Filters for items with a date between two specified dates.
   contains	Filters for items that contain the specified filter value.
   does not contain	Filters for items that do not contain the specified filter value.
   wildcard	Filters for items with a wildcard (*) as follows: Begin or end with – Filters for values that begin or end with text you specify. For example, to find all values that begin with "1", type 1*. To find all values that end in "1", type *1. Contains –Filters for values that contain text you specify. For example, to find all values with a "1" between the first and last characters, type *1*. Turn off case sensitivity – Filters for values without case sensitivity. For example, to search for findings with a Plugin Name of "TLS Version 1.2 Protocol Detection" or "tls version 1.2 protocol detection", type *tls version 1.2 protocol detection.

   To the right of the operator, select or type a value for the filter.

   Tip: Some text filters support the character (*) as a wildcard to stand in for a section of text in the filter value. For example, if you want the filter to include all values that end in 1, type *1. If you want the filter to include all values that begin with 1, type 1*.

   You can also use the wildcard operator to filter for values that contains certain text. For example, if you want the filter to include all values with a 1 somewhere between the first and last characters, type *1*.

   5. (Optional) To create more rules for the tag:

      1. Press the Space key.

         A modifier drop-down box appears, with AND and OR as options.

      2. Select a modifier.

      3. Press the Space key.

         A drop-down box appears listing the tag rule filter options.

      4. Repeat the steps to create a tag rule in Advanced mode.

7. Click Save.

   Tenable Vulnerability Management creates the rule and applies it to the tag.