Used only for subrules, and are invisible to the end user.
Data Type
String
Aliases
|
Use |
Alias |
|---|---|
|
Client Console Full Name |
Not applicable |
|
Client Console Short Name |
Not applicable |
|
Web Console Tab/Name |
Not applicable |
|
Elasticsearch Field Name |
Not applicable |
|
Rule Builder Column Name |
Tag1, Tag2, Tag3, Tag4, Tag5 |
|
Regex Pattern |
<tag1>, <tag2>, <tag3>, <tag4>, <tag5> |
|
NetMon Name |
Not applicable |
Field Relationships
Any field you do not use to create subrules—for example, command.
Common Applications
Not applicable.
Use Case
Creating subrules not based on VMID, ThreatID, or Severity.
MPE/Data Masking Manipulations
They are invisible outside of MPE Rule Builder.
Usage Standards
If you want to create a subrule of a value not captured into VMID, ThreatID, or Severity, a tag must be nested within the existing metatag.
Examples
These tags can be used in a wide variety of situations. Because these fields do not appear as parsed fields outside of the rule builder, refer to the usage standards to determine when to use these fields.