Skip to main content
Version: 3.0.0

Tags

The Tag Manager is used to manage custom tags and to update pre-configured tags.

info

See Role Overview for capabilities required to manage tags.

Managing Tags

The following image shows the Tag Manager UI:

info

Only if a user has the AME Power User Role for at least one tenant can he view this page.

Manage custom tags

Use the following buttons to manage custom tags:

ButtonFunction
Add custom tag
Edit custom tag

The search field can be used to filter by tag name. The dropdown allows filtering by a tenant.

Create a custom tag

To create a new tag:

  1. Click the Add custom tag button on the top.
  2. Find a unique tag
  3. Give the tag a name
  4. Add a URL with more info if possible
  5. Add a description to explain what the tag means
  6. Click the save button on the lower right side of the tag modal
note

Custom tags can only be in lowercase. Tags with uppercase letters are reserved for internal use. If a new tag is created with uppercase letters by using overrides, the tag will be converted to lowercase.

Update and delete a tag

To update a tag, update the information and press the tag button to open the tag description, and in the description, press the edit button. Press the delete button when the tag update modal is open to delete a tag.

info

CVE, CIS, Cyber Kill Chain Mitre Att&ack, and NIST CSF tags require a valid Security Knowledge Feature Pack license See Licensing and Support

Managing CVE Tags

CVE Information will be downloaded from https://services.nvd.nist.gov/rest/json/cves/2.0 as tags are added for events.

The CVE Tab contains a filter to search for tags used by events. It's possible to filter by CVS Score by using the Score Comparator and Threshold.

Additionally, CVEs can be filtered by Publish Date.

Managing CIS Tags

CIS Tags are static; therefore, it's only possible to view tags. The search field can be used to filter by tag name.

Managing Cyber Kill Chain Tags

Cyber Kill Chain Tags are static; therefore, it's only possible to view tags. The search field can be used to filter by tag name.

Managing Mitre Att&ck

Mitre Att&ck Tags are preloaded in AME. The following picture shows what the Mitre Att&ck Management page looks like this:

Update Mitre Att&ck Tags

To update Mitre Att&ack Tags, press the refresh button. AME refreshes the tags from the official Mitre Github repository.

AME tries to download the tags directly from the repository or through a HTTP Proxy.

ButtonFunction
Refresh Tags
info

Contact Support if the AME App is in an environment with no Internet Access and the Mitre Tags need to be updated.

Managing NIST CSF Tags

NIST CSF Tags are static; therefore, viewing tags is only possible. The search field can be used to filter by tag name.