Tag Details

You can click any tag to reveal details about that tag, including the set of conditions that is matched to traffic, the last time that set of conditions was detected, and the total number of samples matched to the tag.
For tags that you have created, you can edit tag details, including setting the visibility of the tag to be private, public, or anonymously public.
On the Tags page, click any tag to open the Tag Detail.
(1) Search
To open a search based on the tag, click the Search icon.
(2) Edit
(3) Delete
Permanently delete a tag. Deleted tags show a Tag Status of removing until the deletion is complete (when the deletion is complete, the tag is no longer available in AutoFocus).
(4) Tag Visibility
(Private Tags Only) Share a tag with other AutoFocus users by making the tag Public. (You can also revert a tag you previously made public back to a private tag.)
By default, tags that you make public will list your organization as the tag Owner in the tag details. To change this default setting so that your organization is not listed as the owner of public tags, select Settings on the AutoFocus navigation pane and select Share public tags anonymously.
You cannot make a tag public if it has search conditions that refer to private information about your sessions. The following Session Artifacts pertain to private information:
  • Device Hostname
  • Device Serial
  • Device vsys
  • Destination IP
  • Email Recipient Address
  • Email Charset
  • Email Sender Address
  • Email Subject
  • File Name
  • File URL
  • Recipient User ID
  • Source IP
The following General Artifacts may pertain to private session information:
  • Domain
  • Email Address
  • Filename
  • IP Address
  • URL
You also cannot make a tag public if it has a search condition that points to a custom App-ID you created (Application is [custom App-ID]).
(5) Vote, Comment, and Report
You can Vote for, Comment on, and Report Tags. Tags with the visibility set to private (tags created by and visible only to your organization) do not display these options.
(6) Tag Information
Tag information is searchable and can include some or all of the following details:
  • Name—AutoFocus enforces unique tag names within an organization.
  • Scope—The tag type is either public, private, or Unit 42.
  • Tag Class—The Tag Class associated with the tag.
  • Source—Organization or individual that discovered the threat defined in the tag.
  • Created—The date and time that the tag was created.
  • Updated—The date and time that the tag was most recently modified.
  • Owner—Organization that created the tag.
  • # Samples—The total number of private and public samples matched to the tag.
  • Last Hit—The time at which the most recent sample matched to the tag was detected.
  • Votes—The number of up-votes the tag has received from the AutoFocus community.
  • Description—Summary of the threat that the tag indicates.
  • Related Tags—Tags that share certain conditions, or might indicate similar types of threats.
  • Alias—Other names that might refer to the threat that the tag defines. You can search on a tag alias to find all samples matched to tags with that alias.
  • References—External references provide more information or context for the threat that the tag identifies.
  • Groups—A list of groups that the selected tag is a part of.
(7) Tag Conditions
  • Lists all the conditions against which samples are evaluated.
    Note that a tag can have multiple sets of conditions, but a sample only has to match one set of conditions for it to be marked with the tag.
  • Search based on a single set of tag conditions:
    Click the Search icon in the Actions column to the right of the condition for which you want to open a search.
    Because you cannot edit the conditions defined for an existing tag, use this option to add conditions from an existing tag to the search editor, modify the conditions, and create a new tag.
  • Delete a single set of tag conditions:
    Click the Trash icon in the Actions column to delete the set.
  • Search with all tag conditions:
    Click the Search All icon after the last set of tag conditions to add all of the tag conditions to a new search.