Skip to main content

Create a Custom Tag Schema

This topic has instructions for creating a custom tag schema in CSE. 

About tags in CSE

Tags are metadata you can attach to Insights, Signals, Entities, and Rules. Tags are useful for adding context to these CSE items. You can also search for and filter items by tag. There are two types of tags: keyword tags, which are arbitrary, freeform strings; and schema keys, which are predefined key-value pairs. CSE provides two built-in schemas keys: Technique and Tactic. You can’t edit the built-in schemas, although they appear in the list of tag schemas in the CSE UI, with a Sumo label, as shown below.

built-in-tags.png

Schema tags can enforce specific tag values and prevent confusion from variations in tag values. For example, you might want to ensure the use of standard server identifiers, such as “FinanceServer”, rather than “Server-Finance” or “Finance_Server”. 

For more information about tags in CSE, see Using Tags with Insights, Signals, Entities, and Rules.

Define a custom tag schema

  1. Click the gear icon at the top of the CSE UI and select Tag Schemas under Workflow.

    gear-tag-schema.png

  2. On the Tag Schemas page, click Create.

    tag-schemas-page.png

  3. The Tag Schema popup appears. The screenshot below shows a previously configured tag schema.

    tag-schema-filled-in.png

    1. Key. Enter an identifier for the tag you’re defining. It won’t appear in the UI for assigning tags to a content item, unless you leave the Label field blank.

    2. Label. Enter a label for the tag. If you supply a label, that’s what will appear in the UI for assigning tags to a content item.

    3. Content Types. Select the types that you want the tag to be available for. You can select one or more of the following:

      • Custom Insight
      • Rule
      • Entity The options don't include Signal or Insight. Signals and Insights inherit tag values from the rule(s) or Custom Insight definition that triggered the Signal or Insight and involved Entities.
    4. Allow Custom Values. Check this box to allow users to add additional allowable values to the tag schema. Otherwise, when applying the tag users may only select one of the values you define in the Value Options section below.

    5. Value Options. If Allow Custom Values is not checked, you must define at least one value for the tag:

      • Value. Enter an allowable value for the tag.

      • Label. Enter a label for the value.

      • Link. If desired, enter a URL. If you supply a URL, that link will appear in the Actions menu of the tag in any content items to which it’s been applied.  CSE’s built-in schema tags Technique and Tactic are examples of schema tags that include a link. The screenshot below shows a link from the Tactic:TA0002 to associated information on the MITRE site.

        mitre-link.png

Sumo Logic YouTubeSumo Logic Twitter
Legal
Privacy Statement
Terms of Use

Copyright © 2022 by Sumo Logic, Inc.