Tag Configuration

Tag Configuration

Overview


This document describes the procedure on how to assign tags to an asset.


Procedure


Assets can be tagged using 2 methods.


  • Manual tagging of an asset
  • Auto tagging


Manual Tagging


  1. Click on asset menu to get to the list of assets (Make sure to clear all filters to see all assets)
  2. Select the asset which needs to be tagged
  3. On top right corner of asset details, click on the edit to go to edit mode
  4. Click on Add new tag under “Tags”
  5. Click on update






Auto Tagging


Assets can be auto tagged based on response to a SQL query. User can create a SQL query with one of the columns named "tag", whose value would be used to tag the asset. The SQL query needs to be configured as a query pack with a schedule specified by the user. 


If the query pack result returns an ADD record, a tag is added to the asset. 

If the query pack result returns a REMOVE record, the tag is removed from the asset if the corresponding tab is currently assigned to the asset.


Auto tagging query (query pack) is assigned to all assets which match the platform and OS version.





SQL Examples


-- Track VIPs

SELECT 'vip-logged-in' AS tag

FROM users

WHERE username LIKE '%ceo%';



-- Temperature

SELECT

CASE

WHEN max_c < 50 THEN 'temp=cold'

WHEN max_c < 100 THEN ‘temp=warm'

ELSE 'temp=hot'

END AS tag

FROM (

SELECT MAX(CAST(celsius AS NUMERIC)) AS max_c FROM temperature_sensors) t;



-- A tag for temp validation

SELECT

CASE

WHEN max_c < 50 THEN 'temp=cold'

WHEN max_c < 100 THEN ‘temp=warm'

ELSE 'temp=hot'

END AS tag

FROM (

SELECT MAX(CAST(celsius AS NUMERIC)) AS max_c FROM temperature_sensors) t;



-- DB Software

-- work with case statement to provide conditional logic

SELECT DISTINCT

CASE

WHEN name LIKE '%redis%' THEN 'db-redis'

WHEN name LIKE 'postgres%' THEN 'db-postgresql'

END AS tag

FROM processes;



-- alternatively you could use union

-- work with case statement to provide conditional logic

SELECT DISTINCT

CASE

WHEN name LIKE '%redis%' THEN 'db-redis'

WHEN name LIKE 'postgres%' THEN 'db-postgresql'

END AS tag

FROM processes;



-- tag indicating disk space maintenance

SELECT 'feed-me-disk' AS tag

FROM

(

SELECT (SUM(blocks_available) * 1.0) / SUM(blocks) AS percent_free

FROM mounts

WHERE blocks > 0 AND type NOT LIKE '%tmpfs'

) disk_space

WHERE disk_space.percent_free < .8;



    • Related Articles

    • Osquery Flag configuration to use HTTP Proxy in Windows assets

      Per default configuration,osquery in a windows asset checks, if it can reach to uptycs cloud; before doing an Enrollment request. If it is able to connect, it will continue without using any proxy. If above connection attempt fails, 1) Then osquery ...
    • Flag configuration for Multiple Proxy Support

      The support for multiple proxies has been introduced after the release Osquery version 3.2.6.40 and above. Multiple proxies can be setup through the flag profile.  The list of proxies are specified as a comma-separated list. Osquery will attempt to ...
    • Auto tagging using global query

      This article provides details on how to create auto tag rules using a global query. Currently, auto tagging using a global query can be achieved using API only. GUI based solution will be available in release 77. Global query based auto tag rules can ...
    • Query filter based on tags

      Following are different ways to query for tags assigned using SQL. Check for key WHERE Array_position(Map_keys(pe.upt_asset_tags), '<key>') > 0      e.g.     WHERE  Array_position(Map_keys(pe.upt_asset_tags), 'local_asset') > 0 WHERE ...
    • Default permissions assigned to a role

      Following permissions are minimal permissions and are assigned to a role by default even if they are not provisioned. ALERT_RULE:READ ALERT:READ API_KEY:READ ASSET:READ ASSET_CLOUD_INSTANCES:READ ASSET_GROUP_RULE:READ ATC_QUERY:READ AUDIT_RULE:READ ...