Hey all, I wanted to share this helpful use case for our new auto tagging feature in ASM.
This workflow for auto tagging is useful for teams that use ASM to monitor and investigate potentially risky web assets. It’ll save your team time and manual asset administration.
You’ll need:
- A set of tags to help manage inventory asset assignment and investigation among your team. For example:
unassigned
In Progress - MattK
In Progress - Pat
In Progress - Steph
- A query that you can use to find and categorize assets with high or critical risks and parse assignment via tag. For example:
risks.severity: {critical, high} and not tags: "In Progress *"
To operationalize this:
- Save your query.
- Set up an auto tagging automation for your saved query.
- In the Tag on: section, check the box to enable the query to tag on Any REMOVED asset as well as new assets.
- In the Add Tag section, add your
unassigned
tag. - Click save.
- In the Tag on: section, check the box to enable the query to tag on Any REMOVED asset as well as new assets.
When your query first runs, it will assign the unassigned
tag to any inventory assets with high or critical risks that lack an In progress - sname]
tag. Going forward, assets newly added to the query results will receive the unassigned
tag automatically.
As your team goes through unassigned
assets and assigns them using the In progress - sname]
tags, auto tagging will automatically remove the unassigned
tags and they can focus on investigation and remediation.
I hope this helps you save time and keep your teams focused!