Skip to main content

PARTNERS

Using endpoint tags

Tags are pieces of information that help you easily identify and take actions on managed endpoints, such as assigning policies based on specific rules or filtering items in the Network page. Endpoint tags do not apply to unmanaged endpoints and to Security Server instances. The assigned tags are visible in the General tab of the endpoint details window.

The following types of tags are available in GravityZone:

  • Custom tags – they include only name and optionally a description. You can assign them to endpoints manually.

  • Automatic tags – they include name, description and rules for them to be automatically assigned to any new endpoints detected in the network.

GravityZone does not provide predefined tags.

As an administrator, you create, edit, delete, assign and unassign tags only for the company you manage. A company can have a maximum of 100 tags. For any new tag after this limit, you need to delete an old one first.

This is what you can do with endpoint tags in GravityZone Control Center:

Note

Endpoint tags are available with the following GravityZone products:

  • GravityZone Business Security Premium

  • GravityZone Business Security Enterprise

  • GravityZone Security for Workstations

  • GravityZone Security for Servers

  • GravityZone EDR Cloud

  • GravityZone Security for Endpoints Physical Workstations

  • GravityZone Security for Endpoints Physical Servers

  • GravityZone Security for Endpoints Virtualized Environments VDI

  • GravityZone Security for Endpoints Virtualized Environments VS

  • GravityZone Security for Virtual Env per CPU

For all features available with different GravityZone products, refer to Features distribution.

Viewing, sorting and searching endpoint tags in Tags Management

The list of all endpoint tags is available in the Network > Tags Management page.

gz_cl_op_pt_tags_management_en.png

Click the column headers in the grid to sort tags.

Use the search box to find tags by name. Type in the full name, only the first characters, or use asterisk (*) as wildcard. For example, to find all tags containing Windows in their names, type in Windows, Win or *ows. GravityZone does not support double asterisk, such as *dow*.

Creating endpoint tags

To create a tag, follow these steps:

  1. In the Network > Tags Management page, click Create tag.

  2. In the configuration page, select the tag type:

    • Custom - to assign the tag manually at any time you want.

    • Automatic - to automatically assign the tag to any new endpoint detected by GravityZone in the network, according to the rules you define.

    gz_cl_op_pt_create_tag_en.png
  3. For a custom tag, enter a name and, optionally, a description. GravityZone supports tag names with a maximum of 40 ASCII characters and descriptions up to 100 characters.

  4. For an automatic tag, enter a name, optionally a description, and define the rules for endpoint assignment:

    • Endpoint name pattern. Enter a name or a part of a name that applies to multiple endpoints.

      Use only Latin letters (a-z and A-Z), digits (0-9), wildcards (* and ?), underscore ( _ ), and hyphen (-). Names with multiple characters must start with a letter or a digit. Names cannot start with wildcards, such as *a or ?w. Wildcards must not be consecutive. The asterisk (*) matches multiple characters, while the question mark (?) matches a single character.

    • IP/CIDR. Enter the IP address in either of these formats:

      • 192.168.1.0/24 - it matches and IP range (CIDR).

      • 192.168.1.0 - it matches the endpoint or endpoints with this unique IP address.

    • Operating system type. Select the OS to which the tag applies: Windows, Linux, or macOS.

    • Endpoint type. Select either workstation or server.

      GravityZone distinguishes between server and workstation Windows versions, counts all Linux distributions as servers, and all macOS versions as workstations.

      Windows endpoints can be workstations or servers, depending on the operating system they run (for example, Windows 11 or Windows Server 2022). However, GravityZone counts all Linux endpoints as servers and all macOS endpoints as workstations.

    You must define at least one rule for automatic tag assignment. If a tag has multiple rules, the AND operator is applied to them. That means the tag applies only to endpoints that match all defined rules. For example, in case of an automatic tag with OS type: Windows and Endpoint type: server, the tag applies only to Windows Server endpoints and ignores Windows 7, 8, 10 and 11.

  5. Click Save.

    The new tag appears in the Tags Management grid.

Editing endpoint tags

To edit a tag, follow these steps:

  1. In the Tags Management grid, click the name of the tag you want to edit.

  2. In the configuration page, change the available details: name, description and, in case of automatic tags, the rules for automatic assignment.

    Note

    You cannot change the tag type from custom to automatic and vice versa.

  3. Click Save.

Deleting endpoint tags

To delete one or multiple tags, follow these steps:

  1. In the Tags Management grid, select the corresponding check boxes one by one, or click the all tags check box to select all tags on the current page.

    Alternately, click the down arrow and choose All to select all tags on all pages.

    gz_cl_op_pt_delete_tag_en.png
  2. Click Delete and confirm the action.

Deleting tags used in policy assignment rules causes endpoints to revert to policies applied per device.

Assigning endpoint tags

Endpoints tags are assigned differently, depending on their type:

  • Custom tags are assigned manually by users in the Network page.

  • Automatic tags are assigned automatically, by GravityZone, based on the defined rules.

To assign custom tags to one or more endpoints, follow these steps:

  1. In the Network grid, select the target endpoints or folders.

    When selecting folders, the task applies to all managed endpoints inside them.

  2. Click the Tags button in the action toolbar and select Assign tags.

    Alternately, right-click on the selected targets and choose Tags > Assign tags from the contextual menu.

    gz_cl_op_pt_assign_tag_en.png
  3. In the configuration window, select the tags you want to attach to the endpoints.

    The list contains only your custom tags.

    gz_cl_op_pt_assign-window_en.png
  4. Click Assign.

    A notification in lower-right side of the console informs you about the assignment process.

  5. Refresh the Network page to view the changes.

Unassigning endpoint tags

To unassign custom tags from one or more endpoints, follow these steps:

  1. In the Network grid, select the target endpoints or folders.

    When selecting folders, the task applies to all managed endpoints inside them.

  2. Click the Tags button in the action toolbar and select Unassign tags.

    Alternately, right-click on the selected targets and choose Tags > unassign tags from the contextual menu.

  3. In the configuration window, select the tags you want to remove from the endpoints.

    The list contains only custom tags, including those already assigned to the selected endpoints.

  4. Click Unassign.

    A notification in the lower-right side of the console informs you about the unassigning process.

  5. Refresh the Network page to view the changes.

Viewing and filtering endpoints by tag in Network

You can view and filter endpoints by using the options in the Tags column in the Network grid. The Tags column is hidden by default and you need to click the columns.png Show/Hide columns button to display it.

For managed endpoints, the Tags column displays all custom and automatic tags assigned to them. For folders, unmanaged endpoints and Security Server instances, the Tags column displays N/A.

The assigned tags are also visible in the General tab of the endpoint details page.

gz_cl_op_pt_endpoint_details_tags_en.png

To filter endpoints by tag, follow these steps:

  1. In the Tags column, click the filtering box in the Tag column and select one or more options:

    • All custom tags - displays only endpoints with custom tags.

    • All automatic tags - displays only endpoints with automatic tags.

    • No tags assigned - displays endpoints without any tags assigned.

    • Any individual tags - displays endpoints having those selected tags assigned.

    To directly find specific tags, use the search box. The search box is visible only when at least six tags exist in the Network > Tags Management page.

  2. Click Apply.

    gz_cl_op_pt_filter_tag_en.png

For details on how to use the search and filtering options in the Network page, refer to Sorting, filtering, and searching for endpoints..

For details on how to use tags to create policy assignment rules, refer to Assigning policies.