Guidelines for using Tag Reset and Tag Purge

Tag Reset

Tag Reset is a backend, connector-level setting that can be enabled by Support or the CX team. This option can assist with refreshing tags on assets in Cisco Vulnerability Management.

Important: Due to some caveats that can occur when this is enabled, it is highly recommended that you discuss this feature with your CX team prior to enabling.

How It Works

Important: When a connector runs with Tag Reset enabled, ALL tags on each asset seen in that run are deleted as the asset is processed, including tags added by other connectors. Only tags from that specific connector are then reapplied to that asset.

Things to Consider

  • If you have tags on an asset from multiple connectors, or have created any manual tags within Cisco Vulnerability Management, those tags will be deleted when the connector with Tag Reset enabled runs. You would need to re-run any other connectors or scripts that brought in any other tags on that asset. Manual tags are not re-created automatically; the user would need to re-create them by hand. It is not recommended to use Tag Reset if you have tags coming in from multiple sources on a single asset or plan on using manual tags within Cisco Vulnerability Management.

  • If you have tag-based risk groups and Tag Reset enabled, when the connector run occurs, any assets that had tags deleted will fall out of those risk groups until the tags are re-applied.

  • Some connectors leverage incremental data pulls (Qualys, Tenable*, SNOW CMDB, etc.) and may not bring in all refreshed tags on assets that have not recently been scanned. A Full Connector run would be needed to refresh those tags on assets not seen recently. Full Connector runs must be kicked off by Support or CX.
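
The behavior and caveats above can be modeled before Tag Reset is enabled, to estimate which tags and risk-group memberships a run would remove. The following is an added example, not Cisco code and not a call to any product API: the inventory, risk groups, source labels and function names are all constructed for illustration, and tracking a source per tag is an assumption of the model.

```python
# Constructed inventory: asset -> {tag: source that applied it}. Source labels
# are an assumption of this model, not fields read from the product.
INVENTORY = {
    "web-01": {"prod": "qualys", "pci": "servicenow_cmdb", "owner:alice": "manual"},
    "db-01": {"prod": "qualys", "dmz": "qualys"},
    "app-07": {"pci": "servicenow_cmdb", "legacy": "script"},
}
# Constructed tag-based risk groups: group name -> tag that defines membership.
RISK_GROUPS = {"PCI scope": "pci", "Production": "prod"}


def simulate_tag_reset(inventory, connector, seen_assets, incoming):
    """Model one connector run with Tag Reset enabled.

    Every tag on an asset seen by the run is dropped, then only the tags this
    connector supplies are reapplied. Assets not seen (for example during an
    incremental pull) keep their tags. Returns (after, lost), where lost maps
    asset -> {tag: original source} for tags that did not come back.
    """
    after, lost = {}, {}
    for asset, tags in inventory.items():
        if asset not in seen_assets:
            after[asset] = dict(tags)
            continue
        after[asset] = {t: connector for t in incoming.get(asset, [])}
        gone = {t: s for t, s in tags.items() if t not in after[asset]}
        if gone:
            lost[asset] = gone
    return after, lost


def risk_group_dropouts(before, after, groups):
    """Assets that matched a tag-based risk group before the run but not after."""
    out = {}
    for name, tag in groups.items():
        dropped = sorted(a for a in before if tag in before[a] and tag not in after[a])
        if dropped:
            out[name] = dropped
    return out


def manual_tags_lost(lost):
    """Lost tags that no connector or script re-run will restore."""
    out = {}
    for asset, tags in lost.items():
        manual = sorted(t for t, s in tags.items() if s == "manual")
        if manual:
            out[asset] = manual
    return out
```

Tags reported as lost with a connector or script source return only after that source is re-run; anything returned by `manual_tags_lost` has to be re-created by hand.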

Tag Purge Alternative to Tag Reset

If you have tags on an asset coming from multiple sources (connectors & scripts), an alternative approach would be to use scheduled Tag Purges on your instance. Requesting Tag Purges is done by way of a Support ticket. During the Tag Purge, ALL tags on ALL assets would be deleted. All Connector runs would need to be kicked off following the Tag Purge to bring in all of the refreshed tag data. Any scripts that brought in tags would also need to be re-run by the customer.

*The Tenable API Importer Connector has the ability to enable incremental connector runs. If this is something you are interested in, please contact the CX team.
