Assigning Tags upon Log Occurrence
Upon audit log occurrence, you can assign or remove tags to the assets (nodes, devices, users, wireless LANs) that generated the logs. By creating a search filter, you can automatically assign or exclude tags to corresponding assets when audit logs included in the search filter occur, allowing for their automatic assignment to or exclusion from separate policies.
Configuring Tags in Search Filter
- Go to Audit in the top menu.
- In the left menu, go to Logs > Search Filter.
- Click the Search Filter Name.
- In the Tags menu below, select Assign.
- Select the Search Target and Assignment Target to which tags will be assigned.
- Click the
Add
button to check the tags to assign, then click theSet
button. - Click the
Modify
button.
Untagging Assets in Search Filter
- Go to Audit in the top menu.
- In the left menu, go to Logs > Search Filter.
- Click the Search Filter Name.
- In the Tags menu below, select Remove.
- Select the Search Target and Assignment Target from which tags will be removed.
- Click the
Add
button to check the tags to remove, then click theSet
button. - Click the
Modify
button.