Create a Tag Rule

Required Tenable Vulnerability Management User Role: Scan Manager or Administrator

Required Tenable Vulnerability Management Permission: Can Edit, Can Use permission for applicable asset tags.

When you create or edit a tag to apply automatically, you must create and apply rules to the tag using tag rules filters. You can create a tag rule in either Basic or Advanced mode.

Caution: If you create a tag rule in Basic mode and then switch to Advanced mode, the rules you created appear in the Advanced mode format. However, if you switch from Advanced mode to Basic mode, Tenable Web App Scanning removes all rules from the rules section.

Note: When you create a tag from the Tagging page, you can select from a list of generic asset filters to create tag rules. If you want to create a tag based on filters that are specific to certain asset types, Tenable recommends that you create a tag from the Assets page, where you can select additional filters that are specific to each asset type.

For more information about applying tags automatically, see Considerations for Tags with Rules.

Before you begin:

Create or edit a tag.

To create and add a rule to a tag:

In the upper-left corner, click the button.

The left navigation plane appears.
In the left navigation plane, click Settings.

The Settings page appears.
In the left navigation, click Settings.

The Settings page appears.
Click the Tagging tile.

The Tags page appears. On this page, you can view your asset tag categories and values.

The Categories tab is active.
Click the Values tab.

The Values page appears, containing a table of all the tags on your Tenable Web App Scanning instance.
Click the Rules toggle to enable the rule settings.

The Rules section appears.

For each tag rule you want to create, do one of the following:

Note: Basic mode is active by default.

To create a tag rule in Basic mode:

In the Rules section, click Select Filters.

A drop-down box appears, listing the tag rule filter options.

Note: Each tag rule filter has different limits on the number of values you can apply to a single filter. For information about those limits, see Tag Rules Filters.
Select a filter.

The filter you select appears in the Rules section.
Click outside the drop-down box.

The drop-down box closes.
In the filter, click the button.

The filter expands.
In the first drop-down box, select the operator you want to apply to the filter.
In the second drop-down box, select or type one or more values for the filter.
Determine whether you want to Match Any or Match All assets:
In the Rules section, in the Match Any drop-down box, do one of the following:
- To apply the tag to assets that match any one of the defined rules, select Match Any.
  
  An OR operator appears between each rule.
  
  If an asset matches one or more of the filters defined in the tag rule, Tenable Web App Scanning applies the tag to that asset.
- To apply the tag only to assets that match all of the filters defined in the tag rule, select Match All.
  
  An AND operator appears between each rule.
  
  If an asset matches every individual filter defined within the rule, Tenable Web App Scanning applies the tag to that asset.
  
  Important: If you select Match All and separate the values by commas, Tenable Web App Scanning processes the string using OR logic, similar to the Match Any option.
(Optional) To create another rule, repeat the steps to create a tag rule in Basic mode.

To create a tag rule in Advanced mode:

In the Rules section, click Advanced.

A text box appears.
Place your cursor in the text box.

A drop-down box appears, listing the tag rule filter options.

Note: Each tag rule filter has different limits on the number of values you can apply to a single filter. For information about those limits, see Tag Rules Filters.

Note: If there is a typo in the tag rule, an error appears in the Rules box with a description of the issue.
Select or type the filter you want to apply.

Tip: You can use the arrow keys to navigate filter drop-down boxes, and press the Enter key to select an option.

The filter appears in the text box.

An operator drop-down box appears to the right of the filter.

Select one of the following operators. Available operators depend on the filter you select:

Note: If you want to filter on a value that starts with (') or ("), or includes (*) or (,), then you must wrap the value in quotation marks (").

Operator	Description
exists	Filters for items for which the selected filter exists.
does not exist	Filters for items for which the selected filter does not exist.
is equal to	Filters for items that match the filter value.
is not equal to	Filters for items that do not include the filter value.
is greater than is greater than or equal to	Filters for items with a value greater than the specified filter value. If you want to include the value you specify in the filter, then use the is greater than or equal to operator.
is less than is less than or equal to	Filters for items with a value less than the specified filter value. If you want to include the value you specify in the filter, then use the is less than or equal to operator.
within last	Filters for items with a date within a number of hours, days, months, or years before today. Type a number, then select a unit of time.
after	Filters for items with a date after the specified filter value.
before	Filters for items with a date before the specified filter value.
older than	Filters for items with a date more than a number of hours, days, months, or years before today. Type a number, then select a unit of time.
is on	Filters for items with a specified date.
between	Filters for items with a date between two specified dates.
contains	Filters for items that contain the specified filter value.
does not contain	Filters for items that do not contain the specified filter value.
wildcard	Filters for items with a wildcard () as follows: Begin or end with* – Filters for values that begin or end with text you specify. For example, to find all values that begin with "1", type 1. To find all values that end in "1", type 1. Contains –Filters for values that contain text you specify. For example, to find all values with a "1" between the first and last characters, type 1. Turn off case sensitivity – Filters for values without case sensitivity. For example, to search for findings with a Plugin Name of "TLS Version 1.2 Protocol Detection" or "tls version 1.2 protocol detection", type *tls version 1.2 protocol detection.

Where applicable, to the right of the operator, select or type a value for the filter.

Tip: Some text filters support the character (*) as a wildcard to stand in for a section of text in the filter value. For example, if you want the filter to include all values that end in 1, type *1. If you want the filter to include all values that begin with 1, type 1*.

You can also use the wildcard operator to filter for values that contains certain text. For example, if you want the filter to include all values with a 1 somewhere between the first and last characters, type *1*.
Press the Space key.

A CONDITIONS drop-down box appears, with AND and OR as options:
- Select OR to "match any" assets tagged by the rule. If an asset matches one or more of the filters defined in the tag rule, Tenable Web App Scanning applies the tag to that asset.
- Select AND to "match all" assets tagged by the rule. If an asset matches every individual filter defined within the rule, Tenable Web App Scanning applies the tag to that asset.
  
  Important: If you select AND and separate the values by commas, Tenable Web App Scanning processes the string using OR logic, similar to the OR option.
(Optional) To create more rules for the tag, repeat steps c-f.

Click Save.

Tenable Web App Scanning creates the rule and applies it to the tag.

Tip: When you create a tag, Tenable Web App Scanning automatically creates and assigns "Tag:value owner permissions" that allow you to manage the tag. If you are an administrator, you can give other users or groups this permission via the Permissions page.