Skip to main content

Using endpoint tags

Tags are pieces of information that help you easily identify and take actions on managed endpoints, such as assigning policies based on specific rules or filtering items in the Network page. Endpoint tags do not apply to unmanaged endpoints and to Security Server instances. The assigned tags are displayed on the General tab of the endpoint details window.

The following types of tags are available in GravityZone:

  • Custom tags – they include only name and, optionally, a description. You can assign them to endpoints manually.

  • Automatic tags – they include name, description and rules. These tags are automatically assigned to any new endpoints detected in the network.

Note

GravityZone does not provide predefined tags.

As an administrator, you can create, edit, delete, assign and unassign tags only for the company you manage. A company can have a maximum of 100 tags. For each new tag that exceeds this limit, you must delete an old tag first.

This is what you can do with endpoint tags in GravityZoneControl Center:

Note

Endpoint tags are available with the following GravityZone products:

  • GravityZone Business Security Premium

  • GravityZone Business Security Enterprise

  • GravityZone Security for Workstations

  • GravityZone Security for Servers

  • GravityZone XDR

  • GravityZone Cloud Security for MSP

  • GravityZone Security for Physical Workstations (version released in April 2022)

  • GravityZone Security for Physical Servers (version released in April 2022)

  • GravityZone Security for Virtualized Environments VDI (version released in April 2022)

  • GravityZone Security for Virtualized Environments VS (version released in April 2022)

  • GravityZone Security for Virtual Env per CPU (version released in April 2022)

For all features available with different GravityZone products, refer to Features distribution.

Viewing, sorting and searching endpoint tags in Tags Management

The list of all endpoint tags is available in the Network > Tags Management page.

endpoint_tags_main_page_p_241987_en.png

As a Partner, if your company has a compatible license, you are going to see your company tags in the Tags Management page by default. If your company's license does not support endpoint tags, the page does not display any results and you must select at least one child company.

As a Partner, to view tags for child companies, use the Company filter options to make your selections:

  • All recursively – select this option to display all companies that you have access to, including those that are not under your direct management.

  • All directly managed – select this option to display all companies under your direct management (child companies located at the first level under your company).

  • Select one or more company names in the list, or use the search box to display specific companies.

    After making a selection, click Apply.

    endpoint_tags_company_menu_p_241987_en.png

As a Partner, click the column headers in the grid to sort tags by name, type, description, creation date, last modification date, or company.

To display specific tags, use the Tag name search box. Type in the full name, only the first characters, or use the asterisk (*) as wildcard. For example, to find all tags containing Windows in their names, type in Windows, Win or *ows. GravityZone does not support double asterisk, such as *dow*.

You can customize the page appearance by using the Settings button in the upper right-corner. To return to the default columns, click Reset view.

To reset all the selections made on the page to display certain tags, click Reset filters.

Creating endpoint tags from scratch

In GravityZone, you can create automatic and custom tags from scratch in the Tags Management page, and on-the-fly custom tags in the Assign custom tags window in the Network page.

To create a tag from scratch in the Tags Management page, follow these steps:

  1. Go to the Network > Tags Management page and click Create tag.

  2. In the configuration page, select the tag type:

    • Custom - to assign the tag manually at any time you want.

    • Automatic - to automatically assign the tag to any new endpoint detected by GravityZone in the network, according to the rules you define.

    endpoint_tags_create_tag_p_241987_en.png
  3. For a custom tag, enter a name and, optionally, a description. GravityZone supports tag names with a maximum of 40 ASCII characters and descriptions up to 100 characters.

  4. As a Partner, select the company for which you create the tag.

    The list displays only companies with the endpoint tags feature available and with the Your Bitdefender partner can assist you with security management option enabled.

    The list is progressively populated, in batches of ten companies, as you scroll down.

    To find a specific company, use the search box. Type in the full name, only the first characters, or use asterisk (*) as wildcard.

  5. For an automatic tag, enter a name, optionally a description, and define the rules for endpoint assignment:

    • Endpoint name pattern. Enter a name or a part of a name that applies to multiple endpoints.

      Use only Latin letters (a-z and A-Z), digits (0-9), wildcards (* and ?), underscore ( _ ), and hyphen (-). Names with multiple characters must start with a letter or a digit. Names cannot start with wildcards, such as *a or ?w. Wildcards must not be consecutive. The asterisk (*) matches multiple characters, while the question mark (?) matches a single character.

    • IP/CIDR. Enter the IP address in one of the following formats:

      • 192.168.1.0/24 - it matches and IP range (CIDR).

      • 192.168.1.0 - it matches the endpoint or endpoints with this unique IP address.

    • Operating system type. Select the OS to which the tag applies: Windows, Linux, or macOS.

    • Endpoint type. Select either workstation or server.

      GravityZone distinguishes between server and workstation Windows versions, counts all Linux distributions as servers, and all macOS versions as workstations.

      Windows endpoints can be workstations or servers, depending on the operating system they run (for example, Windows 11 or Windows Server 2022). However, GravityZone counts all Linux endpoints as servers and all macOS endpoints as workstations.

    Important

    You must define at least one rule for automatic tag assignment. If a tag has multiple rules, the AND operator is applied to them. That means the tag applies only to endpoints that match all defined rules. For example, in case of an automatic tag with OS type: Windows and Endpoint type: server, the tag applies only to Windows Server endpoints and ignores Windows 7, 8, 10 and 11.

  6. Click Save.

    The new tag appears in the Tags Management grid.

Creating endpoint tags from existing ones

To quickly create endpoint tags, you can use an existing tags as templates with limited modifications.

As a Partner, this procedure can be useful when you must create tags with similar settings to apply them across multiple companies, without wasting time configuring each one.

To create a tag from an existing one, follow these steps:

  1. Go to the Network > Tags Management page.

  2. In the grid, click the moreIcon.pngMore button corresponding to the target tag.

  3. Select Copy.

    endpoint_tags_inline_menu_241987_en.png
  4. In the configuration page, make the changes you need.

    You can modify the name, the description, and the rules (in case of automatic tags). You cannot change the tag type.

    As a Partner, you can select a different company for the new tag. You cannot have two tags with identical names in the same company.

  5. Click Save.

    The new tag appears in the Tags Management grid.

Creating custom tags in the Network page

In the Network page, you can create custom tags in a fast and convenient way for the endpoints you already have selected. If you want automatic tags, you need to go to the Tags Management page.

To create a custom tag in the Network page, follow these steps:

  1. In the Network grid, select at least one endpoint.

  2. Click the Tags button in the action toolbar.

  3. Select Assign tags.

    endpoint_tags_network_create_tag_241987_en.png
  4. In the Assign custom tags window, click + Create tag.

    endpoint_tags_assign_window_create_tag_241987_en.png
  5. In the corresponding field, enter a name and click the ok-icon.pngOK icon.

    assign_custom_tags_type_tag.png
  6. To assign the newly created tag, make sure you selected it and click Assign.

    Only newly created and assigned tags are going to be added to the existing list. If you click Cancel instead of Assign after entering the name of a tag, that tag is not saved.

    endpoint_tags_assign_window_select_tag_241987_en.png

    For details about assigning tags to endpoints, refer to the dedicated section further down this page.

Editing endpoint tags

To edit a tag, follow these steps:

  1. In the Tags Management grid, click the name of the tag you want to edit.

    endpoint_tags_edit_tag_241987_en.png
  2. In the configuration page, change the available details: name, description and, in case of automatic tags, the rules for automatic assignment.

    Note

    You cannot change the tag type from custom to automatic and vice versa.

  3. Click Save.

Deleting endpoint tags

To delete one or multiple tags, follow these steps:

  1. In the Tags Management grid, select the corresponding check boxes one by one, or click the all tags check box to select all tags on the current page.

    Alternately, click the down arrow and choose All to select all tags on all pages.

    endpoint_tags_delete_button_p_241987_en.png
  2. Click Delete and confirm the action.

To delete a specific tag, follow these steps:

  1. Click the moreIcon.pngMore button corresponding to the target tag.

  2. Select Delete and confirm the action.

    endpoint_tags_inline_menu_241987_en.png

Important

Deleting tags used in policy assignment rules causes endpoints to revert to policies applied per device.

Assigning endpoint tags

Endpoint tags are assigned differently, depending on their type:

  • Custom tags are assigned manually by users in the Network page.

  • Automatic tags are assigned automatically, by GravityZone, based on the defined rules.

To assign custom tags to one or more endpoints, follow these steps:

  1. In the Network grid, select the target endpoints or folders.

    When selecting folders, the task applies to all managed endpoints they contain.

  2. Click the Tags button in the action toolbar and select Assign tags.

    Alternately, right-click on the selected targets and choose Tags > Assign tags from the contextual menu.

    endpoint_tags_network_assign_tags_241987_en.png
  3. In the configuration window, select the tags you want to assign to the endpoints.

    The list contains all custom tags, including those already assigned.

    Optionally, use the + Create tag option to create on-the-fly custom tags.

    endpoint_tags_assign_tags_window_cp_241987_en.png
  4. Click Assign.

    A notification in lower-right side of the console informs you about the assignment process.

  5. Refresh the Network grid to view the changes.

Unassigning endpoint tags

You can remove tags from endpoints by using the Unassign tags button on the Network page. The button is available in these situations:

  • When you select one or more endpoints with assigned tags.

  • When you have a selection of endpoints with and without assigned tags.

  • When you select a folder in Computers and Groups, regardless of its content.

The Unassign tags button is disabled when you select endpoints without assigned tags.

endpoint_tags_network_assign_tags_241987_en.png

To unassign custom tags from one or more endpoints, follow these steps:

  1. In the Network grid, select the target endpoints or folders.

    When selecting folders, the task applies to all managed endpoints they contain.

  2. Click the Tags button in the action toolbar and select Unassign tags.

    Alternately, right-click on the selected targets and choose Tags > Unassign tags from the contextual menu.

  3. In the configuration window, select the tags you want to remove from the endpoints. If you want to unassign all, select All tags.

    The list contains only custom tags, including those already unassigned.

    endpoint_tags_unassign_window_241987_en.png
  4. Click Unassign.

    A notification in the lower-right side of the console informs you about the unassigning process.

  5. Refresh the Network grid to view the changes.

Viewing and filtering endpoints by tag in Network

You can view and filter endpoints by using the options in the Tag column in the Network grid. The Tag column is hidden by default and you need to click the columns.pngShow/Hide columns button to display it.

endpoint_tags_network_inventory_241987_en.png

As a Partner, when you go to the Network page, you are going to see your company tags by default. To view tags for other companies, make sure you also enable the Company column in the grid.

This is what happens when you want to view tags for a child company:

  1. In the Company column, select the the child company.

  2. In the Tag filter, the name of the child company is displayed.

  3. The list of tags available with the child company is loaded.

endpoint_tags_network_select_child_company_p_241987_en.png

For managed endpoints, the Tag column displays all custom and automatic tags assigned to them. For folders, unmanaged endpoints and Security Server instances, the Tag column displays the N/A status.

To view the assigned tags on an endpoint, click its name and go to the General > Tags section on the endpoint details page.

endpoint_tags_network_endpoint_details_241987_en.png

To filter endpoints by tag, follow these steps:

  1. In the Tags column, click the filtering box in the Tag column and select one or more options:

    • All automatic tags - displays only endpoints with automatic tags.

    • All custom tags - displays only endpoints with custom tags.

    • No tags assigned - displays endpoints without any tags assigned.

    • Any individual tags - displays endpoints having those selected tags assigned.

    endpoint_tags_tag_filter_selected_company_p_241987_en.png

    Note

    To directly find specific tags, use the search box. The search box is visible only when at least six tags exist in the Network > Tags Management page.

  2. Click Apply.

For details on how to use the search and filtering options in the Network page, refer to Sorting, filtering, and searching for endpoints..

For details on how to use tags to create policy assignment rules, refer to Assigning policies.

Monitoring endpoint tags in User Activity

GravityZone records when endpoint tags are created, edited, assigned, and deleted in the User Activity section.

To view the corresponding entries:

  1. Go to the Accounts > User Activity page.

  2. In the upper-right corner, select the company.

  3. For Area, select Tags to view when the tags have been created, edited and delete, or Network to view when tags have been assigned to endpoints.

  4. Optionally, to view specific actions, select one of the following categories: Created, Edited, or Deleted.

    To view specific actions under Network, select either Assign tags or Unassign tags.

  5. Click Search.

endpoint_tags_user_activity_p_241987_en.png

Click each entry to view details in a resizable section at the bottom of the page. Details include summary, tag name, tag type, description, and the configured rules in case of automatic tags.