Auto-tagging allows the firewall or Panorama
to tag a policy object when it receives a log that matches specific
criteria and establish IP address-to-tag or user-to-tag mapping.
For example, when the firewall generates a threat log, you can configure
the firewall to tag the source IP address or source user in the
threat log with a specific tag name. You can then use these tags
to automatically populate policy objects such as dynamic user groups
or dynamic address groups, which can then be used to automate security
actions in security, authentication, or decryption policies. For
example, when you create a filter for the URL logs for
yes
in
the
Credential Detected
column, you can apply
a tag to the user that enforces an authentication policy that requires
user to authenticate using multi-factor authentication (MFA).