Used only for subrules, and are invisible to the end user.
Client Console Full Name
Client Console Short Name
Web Console Tab/Name
Elasticsearch Field Name
Rule Builder Column Name
Tag1, Tag2, Tag3, Tag4, Tag5
<tag1>, <tag2>, <tag3>, <tag4>, <tag5>
Any field you do not use to create subrules—for example, command.
Creating subrules not based on VMID, ThreatID, or Severity.
MPE/Data Masking Manipulations
They are invisible outside of MPE Rule Builder.
If you want to create a subrule of a value not captured into VMID, ThreatID, or Severity, a tag must be nested within the existing metatag.
These tags can be used in a wide variety of situations. Because these fields do not appear as parsed fields outside of the rule builder, refer to the usage standards to determine when to use these fields.