Tag Reset
Tag Reset is a backend connector-level setting that Cisco Support or the CX team can enable. This option can assist with refreshing tags on assets in Cisco Vulnerability Management.
Important: Due to some caveats that can occur when this is enabled, it is highly recommended that you discuss this feature with your CX team prior to enabling.
How It Works
Important: When a connector run occurs with Tag Reset enabled, as assets are processed in the connector run, all tags on a seen asset are deleted, including tags that other connectors added. Only tags from that specific connector are then reapplied to that asset.
Things to Consider
- If you have tags on an asset from multiple connectors or you have created any manual tags in Cisco Vulnerability Management, those tags will be deleted when the connector with Tag Reset enabled runs. You would need to re-run any other connectors or scripts that brought in any other tags on that asset. Any manual tags would not be re-created and you would need to manually re-create them. It is not recommended to use Tag Reset if you have tags coming in from multiple sources on a single asset or you plan on using manual tags in Cisco Vulnerability Management.
- If you have tag-based risk groups and Tag Reset enabled, when the connector run occurs, any assets that had tags deleted will fall out of those risk groups until the tags are re-applied.
- Some connectors leverage incremental data pulls (such as Qualys, Tenable*, and ServiceNow CMDB) and might not bring in all refreshed tags on assets that have not recently been scanned. A full connector run would be needed to refresh those tags on assets not seen recently. In most cases, Cisco Support or CX must start a full connector run.
Tag Purge Alternative to Tag Reset
If you have tags on an asset coming from multiple sources (connectors and scripts), an alternative approach would be to use scheduled tag purges on your instance. You can use a support ticket to request a tag purge. During the tag purge, all tags on all assets would be deleted. All connector runs would need to be started following the tag purge to bring in all of the refreshed tag data. You would also have to re-run any scripts that brought in tags.
*The Tenable API Importer Connector can enable incremental connector runs. If this is something you are interested in, contact the CX team.