Tags
A typical enterprise has thousands of devices (servers, endpoints, OT devices), so writing a security policy for each individual device does not scale. Instead, enterprises group devices by common attributes and write policies against the groups.
The asset properties used to build these groups are called tags or labels. For example, grouping devices by operating system lets an operator apply an OS-specific policy to every member of the group, rather than to each device by name.
System Tags
Xshield supports system tags that are automatically generated based on asset discovery. The agent (or gatekeeper) running on the devices retrieves system attributes from the operating system and shares them with the Xshield platform.
The following are the pre-defined system tags:
- Application
- Business Value
- Category
- Cluster Identifier
- Container Namespace
- Environment
- Version
- Location
- Manufacturer
- Model
- OS
- Owner
- Role
- Serial Number
- Sub Category
- Subnet
- Type
Custom Tags
Operators can define custom tags for their assets to further refine groupings. There are two ways to set custom tags:
- During Agent Installation: Pass the tag as a command-line argument when installing the agent on the device.
- Via the Xshield Platform: Configure custom tags directly in the platform interface.
The platform allows up to five custom tags to be defined for each asset.
Cloud Tags
For devices running on public cloud platforms (AWS, Azure, GCP, OCI), Xshield can retrieve tags defined in the cloud environment. These tags are retrieved from the provider's instance metadata service at the link-local address http://169.254.169.254, which is reachable only from the instance itself. Each provider requires its own request handshake (a session token obtained with a PUT on AWS IMDSv2, a Metadata: true header on Azure, a Metadata-Flavor: Google header on GCP, an Authorization: Bearer Oracle header on the OCI v2 endpoint), so a plain unauthenticated GET does not return tags on any of them.
Cloud Tags:
TBD: Please add the type of cloud tags that are retrieved (e.g., environment, region, instance type, project ID, etc.).
Additional Information:
- This functionality must be explicitly enabled in the cloud environment before tags are exposed through the metadata service. On AWS, for example, the instance's metadata option that allows tags in instance metadata is off by default; until it is enabled the tags path returns 404 and no cloud tags are collected.
- Cloud tags are editable by anyone with tag-write permission on the instance, so a change to a tag in the cloud console changes the group (and therefore the policy) the asset falls under. Treat the cloud account's IAM controls over tagging as part of the policy's trust boundary.
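The retrieval path described above, as an added example that is not the Xshield agent's own code: the AWS IMDSv2 token handshake and the Azure Metadata header are the real service requirements, while the transport is injectable so the flow can be run offline against a constructed fake of both services. The tag names, values and the fake's token string are constructed for the demo; OCI and GCP are omitted.

```python
"""Collect instance tags from a cloud metadata service (illustrative, not Xshield's agent)."""
import json
from urllib import error, request

IMDS = "http://169.254.169.254"
MAX_KEY_LEN, MAX_VALUE_LEN = 128, 256   # AWS tag limits, used as a sanity bound for every source


def http(method, url, headers=None, timeout=2.0):
    """Real transport: returns (status, body). Short timeout so a missing IMDS fails fast."""
    req = request.Request(url, method=method, headers=headers or {})
    try:
        with request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except error.URLError as exc:          # HTTPError is a subclass; non-HTTP failures report status 0
        return getattr(exc, "code", 0), ""


def aws_instance_tags(transport=http):
    """AWS IMDSv2: a PUT for a session token must precede every GET; tags/instance lists one key per line."""
    status, token = transport("PUT", f"{IMDS}/latest/api/token",
                              {"X-aws-ec2-metadata-token-ttl-seconds": "21600"})
    if status != 200:
        raise RuntimeError(f"IMDSv2 token request failed: HTTP {status}")
    auth = {"X-aws-ec2-metadata-token": token}
    status, listing = transport("GET", f"{IMDS}/latest/meta-data/tags/instance", auth)
    if status == 404:
        return {}                           # tags in instance metadata not enabled on this instance
    if status != 200:
        raise RuntimeError(f"tag listing failed: HTTP {status}")
    tags = {}
    for key in filter(None, listing.split("\n")):
        status, value = transport("GET", f"{IMDS}/latest/meta-data/tags/instance/{key}", auth)
        if status == 200:
            tags[key] = value
    return tags


def azure_instance_tags(transport=http):
    """Azure IMDS refuses requests without 'Metadata: true' (blocks naive SSRF through forwarding proxies)."""
    status, body = transport("GET", f"{IMDS}/metadata/instance/compute?api-version=2021-02-01",
                             {"Metadata": "true"})
    if status != 200:
        raise RuntimeError(f"Azure IMDS request failed: HTTP {status}")
    return {t["name"]: t["value"] for t in json.loads(body).get("tagsList", [])}


def sanitize(tags):
    """Tags are writable by anyone with tag-edit rights on the instance, so treat them as untrusted input:
    drop keys/values that are empty, oversized or non-printable before they feed a grouping or policy."""
    return {k: v for k, v in tags.items()
            if 0 < len(k) <= MAX_KEY_LEN and len(v) <= MAX_VALUE_LEN and k.isprintable() and v.isprintable()}


def collect_cloud_tags(provider, transport=http):
    fetch = {"aws": aws_instance_tags, "azure": azure_instance_tags}[provider]
    return sanitize(fetch(transport))


def fake_imds(aws_tags, azure_tags):
    """Constructed stand-in for both services so the flow runs offline; it enforces the same handshakes."""
    def transport(method, url, headers=None, timeout=2.0):
        headers = headers or {}
        if url == f"{IMDS}/latest/api/token":
            return (200, "tok-constructed") if method == "PUT" else (405, "")
        if url.startswith(f"{IMDS}/latest/meta-data/"):
            if headers.get("X-aws-ec2-metadata-token") != "tok-constructed":
                return 401, ""
            rest = url[len(f"{IMDS}/latest/meta-data/tags/instance"):]
            if rest == "":
                return 200, "\n".join(aws_tags)
            return 200, aws_tags[rest.lstrip("/")]
        if url.startswith(f"{IMDS}/metadata/instance/compute"):
            if headers.get("Metadata") != "true":
                return 400, ""
            return 200, json.dumps({"tagsList": [{"name": k, "value": v} for k, v in azure_tags.items()]})
        return 404, ""
    return transport


if __name__ == "__main__":
    t = fake_imds({"Name": "web-01", "Role": "Web Server", "bad": "x\x00y"}, {"Environment": "Prod"})
    print(collect_cloud_tags("aws", t))     # the 'bad' tag is dropped by sanitize()
    print(collect_cloud_tags("azure", t))
```

Running it on a real instance means passing the default `http` transport; off-cloud, the two-second timeout returns status 0 and `aws_instance_tags` raises rather than hanging the agent start-up.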
vCloud Tags
For devices running in private cloud environments (vCloud), Xshield retrieves tags using the vCenter APIs. This feature is particularly useful when operators have already defined tags in their vCloud environment and want to reuse them in Xshield without duplicating effort.
Derived Tags
Derived tags are automatically assigned to assets based on pre-defined tagging criteria, known as Tag Label Rules. These rules streamline the tagging process by automating asset classification.
Tag Label Rules
- Once a rule is created, it assigns the specified tags to every currently managed asset that matches its criteria and to any matching asset discovered in the future. Because a rule keeps firing on new assets, review the set of assets a criterion matches before committing it: an over-broad criterion silently places every future match into the policy groups that reference the derived tag.
- Derived tags help enhance asset grouping, improve network traffic visualization, and simplify policy writing.
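The mechanism described in this section and in the opening paragraphs (tags replace per-device policy targets), as an added example that is not Xshield's rule engine or policy API: a tag label rule derives tags from discovered attributes, a policy selects groups by tag, and a later-discovered asset is covered without editing the policy. The rule criteria, tag values, port and the three assets are assumptions constructed for the demo.

```python
"""Tag label rules and tag-based policy selection (illustrative model, not Xshield's implementation)."""
import re
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    attrs: dict                                   # discovered system attributes (OS, Subnet, ...)
    tags: dict = field(default_factory=dict)      # system, custom, cloud and derived tags


@dataclass
class TagLabelRule:
    """Assign `assign` when every criterion (attribute/tag name -> regex, full match) holds."""
    name: str
    criteria: dict
    assign: dict

    def matches(self, asset):
        view = {**asset.attrs, **asset.tags}
        return all(k in view and re.fullmatch(p, str(view[k])) for k, p in self.criteria.items())


def apply_rules(asset, rules):
    """Derived tags for one asset; run on every managed asset now and on each asset discovered later."""
    for rule in rules:
        if rule.matches(asset):
            asset.tags.update(rule.assign)
    return asset


def preview_rule(rule, assets):
    """Names a rule would tag today. Run before committing a rule: a criterion such as OS=Linux.*
    would enroll every Linux asset, present and future, into whatever policy groups use the tag."""
    return sorted(a.name for a in assets if rule.matches(a))


@dataclass
class PolicyRule:
    """Allow src-group -> dst-group on port; groups are tag selectors, not device names."""
    name: str
    src: dict
    dst: dict
    port: int


def selects(selector, asset):
    return all(asset.tags.get(k) == v for k, v in selector.items())


def compile_policy(assets, policies):
    """Expand tag selectors into concrete (src, dst, port) allows, the form enforcement points consume."""
    allowed = set()
    for p in policies:
        srcs = [a for a in assets if selects(p.src, a)]
        dsts = [a for a in assets if selects(p.dst, a)]
        allowed.update((s.name, d.name, p.port) for s in srcs for d in dsts if s is not d)
    return allowed


RULES = [   # constructed: tier is derived from subnet (a system tag on this page) plus OS
    TagLabelRule("web-tier", {"Subnet": r"10\.10\.1\.0/24", "OS": r"Linux.*"},
                 {"Role": "Web Server", "Environment": "Prod"}),
    TagLabelRule("db-tier", {"Subnet": r"10\.10\.2\.0/24"},
                 {"Role": "Database Server", "Environment": "Prod"}),
]
POLICIES = [PolicyRule("web-to-db", {"Role": "Web Server", "Environment": "Prod"},
                       {"Role": "Database Server", "Environment": "Prod"}, 5432)]


def demo():
    """Constructed inventory: two assets exist when the rules are created, a third is discovered later."""
    assets = [apply_rules(Asset("web-01", {"OS": "Linux 5.15", "Subnet": "10.10.1.0/24"}), RULES),
              apply_rules(Asset("db-01", {"OS": "Linux 5.15", "Subnet": "10.10.2.0/24"}), RULES)]
    before = compile_policy(assets, POLICIES)
    assets.append(apply_rules(Asset("db-02", {"OS": "Linux 6.1", "Subnet": "10.10.2.0/24"}), RULES))
    after = compile_policy(assets, POLICIES)      # db-02 is covered with no policy edit
    return before, after


if __name__ == "__main__":
    print(demo())
```

`compile_policy` is where the grouping pays off: the policy is one line referencing two tag selectors, and the set of concrete allows grows as assets are discovered. `preview_rule` is the check to run before saving a rule, since the rule's future matches are exactly the assets that will inherit these allows.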
Out-of-the-Box Tags
Xshield provides several predefined tags to get users started. Examples include:
- Application: Identifies the primary application running on the device.
- Role: Denotes the function or role of the device (e.g., database server, web server).
- Location: Indicates the physical or logical location of the device.
Users can extend this functionality by creating and applying their own custom tags to suit specific organizational needs.
Summary
Tags provide critical metadata that enhance asset grouping, facilitate network traffic visualization, and enable precise policy creation. By combining system, custom, cloud, vCloud, and derived tags, Xshield offers a powerful and flexible tagging framework for managing enterprise assets.