Tag assets

💡Before you start

Learn more about asset tags and how they work here.

🚧Note

Asset tagging will only be applied to new security events, and not retroactively.

Working with asset tags

Create a new asset tag

  1. In the Hunters console, navigate to Knowledge Center > Tags.

  2. Click New Tag at the top right corner.
    A new line opens.

  3. Name your new asset tag and give it a short description.

  4. Under Identifier, define which assets will be tagged by creating an identifying rule. Use the following identifier types:

    | Tag Identifier | Description | Examples |
    |---|---|---|
    | Equals | Tags an asset by its exact value. | username = admin will tag any attribute with the kind username and the value admin. Note that admin1 or _admin will not be tagged, since they do not match the condition. |
    | Like (case insensitive) | Tags any assets with a similar naming pattern, using the % character as a wildcard. | hostname = DC-% will tag any attribute with the kind hostname and a value that begins with DC- (% is the wildcard character). |
    | CIDR | Tags entire network segments using CIDR notation. Supports IPv6 as well as IPv4. | 192.168.1.0/24, 2001:0000:130F:0000:0000:09C0:876A:130B |

    📘 Note

    A single tag can have multiple identifiers, from multiple types.

  5. Define the Sensitivity level that will be assigned to each asset with this tag (Critical/High/Neutral/Low).

  6. Once done, click Save.
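
The three identifier types from step 4, sketched as an added example (this is not Hunters code and not how the product is implemented). It assumes Equals is case sensitive, that % matches any run of characters, and that a CIDR identifier is checked against any attribute value that parses as an IP address. The tag names, sensitivities and the TAGS, matches and tags_for names are constructed for illustration.

```python
import ipaddress
import re

# Constructed tags; each identifier is (type, attribute kind, pattern).
TAGS = [
    {"name": "Admin accounts", "sensitivity": "High",
     "identifiers": [("equals", "username", "admin")]},
    {"name": "Domain controllers", "sensitivity": "Critical",
     "identifiers": [("like", "hostname", "DC-%")]},
    # A single tag with multiple identifiers: an IPv4 range plus the page's IPv6 value.
    {"name": "Database subnet", "sensitivity": "Critical",
     "identifiers": [("cidr", None, "192.168.1.0/24"),
                     ("cidr", None, "2001:0000:130F:0000:0000:09C0:876A:130B")]},
]

def matches(identifier, kind, value):
    """Return True if the attribute (kind, value) satisfies one identifier."""
    id_type, id_kind, pattern = identifier
    if id_type == "cidr":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False  # not an IP address, so no network can contain it
        # strict=False accepts a bare address (treated as /32 or /128).
        # An IPv4 address is never "in" an IPv6 network, and vice versa.
        return addr in ipaddress.ip_network(pattern, strict=False)
    if kind != id_kind:
        return False
    if id_type == "equals":
        return value == pattern  # exact value only: admin1 and _admin fail
    if id_type == "like":
        # Translate % into ".*" and escape everything else literally.
        regex = ".*".join(re.escape(part) for part in pattern.split("%"))
        return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None
    raise ValueError(f"unknown identifier type: {id_type}")

def tags_for(kind, value):
    """Return (tag name, sensitivity) for every tag the attribute matches."""
    return [(t["name"], t["sensitivity"]) for t in TAGS
            if any(matches(i, kind, value) for i in t["identifiers"])]

if __name__ == "__main__":
    # Constructed attributes, as they might appear on a lead.
    for kind, value in [("username", "admin"), ("username", "admin1"),
                        ("hostname", "dc-01"), ("ip", "192.168.1.77"),
                        ("ip", "10.0.0.5")]:
        print(kind, value, tags_for(kind, value))
```

Running a planned identifier through a check like this against a sample of real hostnames and addresses shows, before saving the tag, whether a Like pattern or CIDR range covers more or fewer assets than intended.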

📘 Learn more

You can create an asset tag straight from the lead, by clicking the arrow next to the lead attribute and then clicking Add Asset Tag.

Assign an existing asset tag to an asset

  1. When investigating a lead, find the asset you want to tag.

  2. Click the arrow next to the lead attribute and then click Add Asset Tag.

  3. From the radio button, select Assign to an existing asset tag.

  4. Click Assign next to the relevant tag.

Common Use-Cases

High Profile Roles

In many organizations, the compromise of a high-profile employee may put the entire business at risk because of the level of access to confidential information that employee may have. Here are some recommended use cases for asset tagging for high-profile employees.

Example: C-Level Employee
A common use case is tagging C-Level executives.

Crown Jewels

A common use case is applying asset tags to critical assets, either by hostname (using a pattern that follows the organizational naming convention for hosts) or by network subnet (e.g., a subnet of critical application databases).

Example: Hostname
A common use case is tagging critical hosts by their hostname.

Example: Network Subnet
An additional common use case is tagging critical hosts by their subnet.

Attack Simulation Tools

Just like the severity can be increased if a critical asset is involved in a lead, you can also use Asset Tagging to reduce the severity of a lead. A common use case is tagging BAS (Breach and Attack Simulation) tools in your environment, thereby helping your SOC focus on true positives rather than known testing activities.