What are Tags?
Metadata about assets are called Tags in Kenna. Some tags are automatically imported and added to assets when your connectors bring in asset and vulnerability data. This allows you to maintain a structure that you have already established within your scanner tools. Some common tags include Asset Groups and Tags from Qualys, Sites from Nexpose, Tags from Tenable and various data fields from ServiceNow CMDB such as Model Number, Location, Asset Tag, etc. Tags are very helpful for many customers in helping to filter and segregate data to build risk meters out.
Viewing Tags in Kenna
You can see what tags have been brought in by your various scanning tools within the Explore page. Below Asset Filters on the right hand side, you will see a section called Tags. This will display the tags that are in Kenna and the number of assets that have that tag applied. You can choose to sort the Tags list by the Count of Assets with the tag or alphabetically by Name. Please note that Kenna will only display the top 300 Tags that are applied to assets in the Tag list. All tags are imported and searchable in the Custom Query String box, but only 300 will be displayed in this list.
On an Asset
You can also view which tags are applied to an asset from within the Explore tab. You can add the tags section on the Assets tab by selecting it from the Display dropdown. You will then see the tags that reside on the asset in the Tags section.
Adding/Removing Tags in Kenna
Tags can also be added in Kenna manually. You can select one or more assets to apply the tags to within the Explore page. Once you have selected the assets, you will see a +Tags button appear.
Clicking that button will give you a text box where you can input the tag name you wish to apply to the assets.
Once you confirm the addition, the tags will be added to the assets as part of a background processing task.
Removing tags in Kenna is just like adding tags. You will select the asset(s) you wish to remove the tags from and then hit the X Tags button.
Click the red X next to the tag(s) you wish to remove. Once you do that, you will see the status bar indicating that the tags are being removed in the background.
Please note that if you remove tags from assets that come from your scanner they will be re-added once your connector runs again.
Using Tags in Searches
A very common function in Kenna is using tags to create risk meters or saved searches. From within the Explore page, you can use the Custom Query String box to search for assets that have certain tags. Searches can be on complete tag names, partial names with a wildcard, etc.
Some common search strings are:
This will search for any asset that has the tag Web Servers applied to it
This will search for any asset that has a tag with DMZ in the name
This will search for any asset that does not contain any tags
tag:(”DMZ” OR “Web Servers”)
This will search for any asset that contains a tag of DMZ or Web Servers
Saving Searches as a Risk Meter
Once you have searched for the assets you are looking for, you can click the Save Group button to save your search as a Risk Meter Group.
By saving a group based on Tag searches, any time a new asset gets added with that Tag (and matching the other criteria of the group) it will be automatically added to the risk meter.
Best Practices for Asset Tags
Discrepancies between tags in Kenna and your source tools should always be fixed at the source. Often times bringing tags in to Kenna and basing your risk meters on tags are a great way to clean up the tags in your scanning tools. This will help keep the tools consistent and clean.
Tags from Non-Connector Sources
Perhaps you have asset metadata that is stored internally in other tools that Kenna does not have connectors for. This data can be applied as tags on assets within Kenna by leveraging the API. We have a Tags API endpoint that can be used to list tags on an asset, add tags and remove tags. Please see the documentation here.
Tag Cleanups (Purge or Reset)
Within Kenna, once a tag comes in on an asset, it remains on that asset indefinitely. If you purge a tag in your scanner source, the tag will remain in Kenna on that asset. To remove a tag, or multiple tags, you can do so via the UI, API or request a Tag Purge or Tag Reset for a bulk cleanup in your Kenna instance. Tag Purge and Tag Reset can be requested by Support. To learn more, please read our article on Tag Reset and Tag Purge.