Tag data flows

Hunters allows you to add an additional information layer to your connected data flows by adding tags to each Data flow. These tags can be used to add business-context to data flows and allow you to locate and monitor the right data flows without redundant hassle.

Once data flows are tagged, you can filter leads, alerts, and stories by data source tags.

📘Note

  1. You can add more than one tag per data flow.

  2. Data source tags are only supported for leads, alerts, clusters, and stories and not for raw data.

Tag data flows

Add and remove tags

To add and remove tags:

  1. On the Hunters platform, navigate to Data > Data Sources.
    Data sources1

  2. Drill down into the Data source (for instance AWS) to open the specific Data flow (for instance AWS CloudTrail).
    image.png

  3. Click the Set Data Tag box to open a list of existing tags.

  4. Check/uncheck the tag checkbox to add or remove the tag from the data flow.

Create a new tag

If you couldn't find a suitable existing tag, you can create a new one and assign it to the data flow.

To add a new tag:

  1. On the Hunters platform, navigate to Data > Data Sources.

  2. Drill down into the Data source (for instance AWS) to open the specific Data flow (for instance AWS CloudTrail).

  3. Click the + sign next to the Set Data Tag box.

  4. In the Create New Tag window, enter the tag name and click Create & Set New Tag.

Rename or delete a tag

You can rename a tag or delete it from the system altogether.

⚠️Attention

Renaming or deleting a tag will affect all the data flows associated with it.

To rename or delete tag:

  1. On the Hunters platform, navigate to Data > Data Sources.

  2. Drill down into the Data source (for instance AWS) to open the specific Data flow (for instance AWS CloudTrail).

  3. Click the Set Data Tag box to open a list of existing tags and then click ... to open more options.
     image.png

  4. To rename the tag, click Global Rename. To delete it, click Delete.

View leads, alerts, clusters and stories by tag

Once you've added tags to a data flow, it will appear across the platform on leads, alerts, clusters and stories. You can also filter your view to include only results from a data flow with a specific tag.

Filter view by tag

You can filter the SOC Queue, the Alerts page and the Stories page to display only results relevant to a specific data source tag.

Example: SOC Queue filter
image.png

View tag in leads, alerts, clusters and stories

Upon investigating leads, alerts, clusters and stories you can locate the data source tag which will provide you with additional context.

Example: data source tag in a threat cluster
image.png