Threat Center Tags

Get Started with Threat Center
Monitor Entities of Interest in Threat Center
Group Detections
Work on Cases
Work on Alerts
Edit and Collaborate in Threat Center
Use Automation Tools in Threat Center
- Manually Run a Playbook on a Case or Alert
- View Case or Alert Automation History
  - Filter Case or Alert Automation History
Find Cases and Alerts
View Case and Alert Metrics
Get Notified About Threat Center
- Threat Center Global Notifications
- Threat Center Notifications Using Automation Management Playbooks
Threat Center APIs

Categorize and find related cases and alerts with tags.

Tags are labels or keywords added to cases or alerts to categorize them or indicate they have a certain characteristic. For example, you can create a Log4j tag and add it to all cases related to the Log4j vulnerability.

If you have a New-Scale Security Operations portfolio license, if the detections of a case or alert are grouped by entity, the tags of that entity are automatically added to the case or alert. These tags are copied to the case or alert. If you remove a tag from the entity, the tag remains in the case or alert. If you remove a tag from the case or alert, it remains in the entity.

With tags, you add information to cases or alerts that aren't captured in other attributes. You can also search for cases or alerts associated with a given tag to see what's related.

To create tags and add tags to an alert or case, edit the alert or case.

Threat CenterThreat Center Guide

Table of ContentsTable of Contents

Threat Center Tags