[Tag1-Tag5]
Used only for subrules, and are invisible to the end user.
Data Type
String
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | Not applicable |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Not applicable |
Elasticsearch Field Name | Not applicable |
Rule Builder Column Name | Tag1, Tag2, Tag3, Tag4, Tag5 |
Regex Pattern | <tag1>, <tag2>, <tag3>, <tag4>, <tag5> |
NetMon Name | Not applicable |
Field Relationships
Any field you do not use to create subrules—for example, command.
Common Applications
Not applicable.
Use Case
Creating subrules not based on VMID, ThreatID, or Severity.
MPE/Data Masking Manipulations
They are invisible outside of MPE Rule Builder.
Usage Standards
If you want to create a subrule of a value not captured into VMID, ThreatID, or Severity, a tag must be nested within the existing metatag.
Examples
These tags can be used in a wide variety of situations. Because these fields do not appear as parsed fields outside of the rule builder, refer to the usage standards to determine when to use these fields.