Tags
The Tag Manager is used to manage custom tags and to update pre-configured tags.
See Role Overview for capabilities required to manage tags.
Managing Tags
The following image shows the Tag Manager UI:
A user can view this page only if they have the AME Power User Role for at least one tenant.
Manage custom tags
Use the following buttons to manage custom tags:
Button | Function |
---|---|
Add custom tag | |
Edit custom tag | |
The search field can be used to filter by tag name. The dropdown allows filtering by a tenant.
Create a custom tag
To create a new tag:
- Click the Add custom tag button on the top.
- Find a unique tag
- Give the tag a name
- Add a URL with more info if possible
- Add a description to explain what the tag means
- Click the save button on the lower right side of the tag modal
Custom tags can only be in lowercase. Tags with uppercase letters are reserved for internal use. If a new tag is created with uppercase letters by using overrides, the tag will be converted to lowercase.
Update and delete a tag
To update a tag, press the tag button to open the tag description and, in the description, press the edit button, then update the information. To delete a tag, press the delete button while the tag update modal is open.
CVE, CIS, Cyber Kill Chain, Mitre Att&ck, and NIST CSF tags require a valid Security Knowledge Feature Pack license. See Licensing and Support.
Managing CVE Tags
CVE Information will be downloaded from https://services.nvd.nist.gov/rest/json/cves/2.0 as tags are added for events.
The CVE Tab contains a filter to search for tags used by events. It's possible to filter by CVSS Score by using the Score Comparator and Threshold.
Additionally, CVEs can be filtered by Publish Date.
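The score and publish-date filters described above can be reproduced offline against a response from the NVD CVE API 2.0. This is an added example, not AME's own code: the sample records, the comparator symbols, and the function names are assumptions, and leaving unscored CVEs out of score filters is a choice made here.

```python
import operator
from datetime import datetime

# Constructed sample shaped like an NVD CVE API 2.0 response (IDs and values are made up).
SAMPLE = {"vulnerabilities": [
    {"cve": {"id": "CVE-0000-0001", "published": "2023-03-14T17:15:00.000",
             "metrics": {"cvssMetricV31": [{"type": "Primary", "cvssData": {"baseScore": 9.8}}]}}},
    {"cve": {"id": "CVE-0000-0002", "published": "2021-06-01T09:00:00.000",
             "metrics": {"cvssMetricV2": [{"type": "Primary", "cvssData": {"baseScore": 5.0}}]}}},
    # Newly published record that has not been scored yet.
    {"cve": {"id": "CVE-0000-0003", "published": "2024-01-20T12:30:00.000", "metrics": {}}},
    {"cve": {"id": "CVE-0000-0004", "published": "2023-11-02T08:45:00.000",
             "metrics": {"cvssMetricV30": [{"type": "Secondary", "cvssData": {"baseScore": 7.5}}],
                         "cvssMetricV31": [{"type": "Primary", "cvssData": {"baseScore": 6.1}}]}}},
]}

# Assumed comparator symbols; the ones offered by the AME UI may differ.
COMPARATORS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
               "<=": operator.le, "=": operator.eq}

# NVD metric blocks, newest CVSS version first.
METRIC_KEYS = ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def base_score(cve):
    """Base score from the newest CVSS version present, preferring the Primary source."""
    metrics = cve.get("metrics", {})
    for key in METRIC_KEYS:
        entries = metrics.get(key) or []
        if entries:
            primary = [e for e in entries if e.get("type") == "Primary"]
            return (primary or entries)[0]["cvssData"]["baseScore"]
    return None  # record carries no CVSS data


def filter_cves(response, comparator, threshold, published_after=None):
    """Return (id, score) pairs matching the score comparison and optional publish date."""
    compare = COMPARATORS[comparator]
    hits = []
    for item in response["vulnerabilities"]:
        cve = item["cve"]
        score = base_score(cve)
        if score is None or not compare(score, threshold):
            continue  # unscored CVEs never match a score filter
        if published_after and datetime.fromisoformat(cve["published"]) < published_after:
            continue
        hits.append((cve["id"], score))
    return hits
```

Because unscored records are dropped by any score filter, a review of recent CVEs should also list records where `base_score` returns `None`.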
Managing CIS Tags
CIS Tags are static; therefore, it's only possible to view tags. The search field can be used to filter by tag name.
Managing Cyber Kill Chain Tags
Cyber Kill Chain Tags are static; therefore, it's only possible to view tags. The search field can be used to filter by tag name.
Managing Mitre Att&ck
Mitre Att&ck Tags are preloaded in AME. The following picture shows what the Mitre Att&ck Management page looks like:
Update Mitre Att&ck Tags
To update Mitre Att&ck Tags, press the refresh button. AME refreshes the tags from the official Mitre GitHub repository.
AME tries to download the tags directly from the repository or through an HTTP proxy.
Button | Function |
---|---|
Refresh Tags |
Contact Support if the AME App is in an environment with no Internet Access and the Mitre Tags need to be updated.
Managing NIST CSF Tags
NIST CSF Tags are static; therefore, it's only possible to view tags. The search field can be used to filter by tag name.