Device tags

This section describes device tags, and provides instructions for creating and modifying them as well as for tagging devices manually or automatically.

Device tags

Kaspersky Security Center allows you to tag devices. A tag is the label of a device and it can be used for grouping, describing, or finding devices. Tags assigned to devices can be used for creating selections, for finding devices, and for distributing devices among administration groups.

You can tag devices manually or automatically. You may use manual tagging when you want to tag an individual device. Auto-tagging is performed by Kaspersky Security Center in accordance with the specified tagging rules.

Devices are tagged automatically when specified rules are met. An individual rule corresponds to each tag. Rules are applied to the network properties of the device, operating system, applications installed on the device, and other device properties. For example, if you have a hybrid infrastructure of physical machines, Amazon EC2 instances, and Microsoft Azure virtual machines, you can set up a rule that will assign the [Azure] tag to all Microsoft Azure virtual machines. Then, you can use this tag when creating a device selection; and this will help you sort all Microsoft Azure virtual machines and assign them a task.

A tag is automatically removed from a device in the following cases:

• When the device stops meeting conditions of the rule that assigns the tag.
• When the rule that assigns the tag is disabled or deleted.

The list of tags and the list of rules on each Administration Server are independent of all other Administration Servers, including a primary Administration Server or subordinate virtual Administration Servers. A rule is applied only to devices from the same Administration Server on which the rule is created.

Creating a device tag

To create a device tag:

1. In the main menu, go to DEVICES → TAGS → DEVICE TAGS.
2. Click Add.

   A new tag window opens.

3. In the Tag field, enter the tag name.
4. Click Save to save the changes.

The new tag appears in the list of device tags.

Renaming a device tag

To rename a device tag:

1. In the main menu, go to DEVICES → TAGS → DEVICE TAGS.
2. Click the name of the tag that you want to rename.

   A tag properties window opens.

3. In the Tag field, change the tag name.
4. Click Save to save the changes.

The updated tag appears in the list of device tags.

Deleting a device tag

To delete a device tag:

1. In the main menu, go to DEVICES → TAGS → DEVICE TAGS.
2. In the list, select the device tag that you want to delete.
3. Click the Delete button.
4. In the window that opens, click Yes.

The device tag is deleted. The deleted tag is automatically removed from all of the devices to which it was assigned.

The tag that you have deleted is not removed automatically from auto-tagging rules. After the tag is deleted, it will be assigned to a new device only when the device first meets the conditions of a rule that assigns the tag.

The deleted tag is not removed automatically from the device if this tag is assigned to the device by an application or Network Agent. To remove the tag from your device, use the klscflag utility.

Viewing devices to which a tag is assigned

To view devices to which a tag is assigned:

1. In the main menu, go to DEVICES → TAGS → DEVICE TAGS.
2. Click the View devices link next to the tag for which you want to view assigned devices.

The list of devices that appears shows only those devices to which the tag is assigned.

To return to the list of device tags, click the Back button of your browser.

Viewing tags assigned to a device

To view tags assigned to a device:

1. In the main menu, go to DEVICES → MANAGED DEVICES.
2. Click the name of the device whose tags you want to view.
3. In the device properties window that opens, select the Tags tab.

The list of tags assigned to the selected device is displayed. In the Tag assigned column you can view how the tag was assigned.

You can assign another tag to the device or remove an already assigned tag. You can also view all device tags that exist on the Administration Server.

You can also view tags assigned to a device in the command line, by using the klscflag utility.

To view tags assigned to a device in the command line, run the following command:

klscflag -ssvget -pv 1103/1.0.0.0 -s KLNAG_SECTION_TAGS_INFO -n KLCONN_HOST_TAGS -svt ARRAY_T -ss "|ss_type = \"SS_PRODINFO\";"

Tagging a device manually

To assign a tag to a device manually:

1. View tags assigned to the device to which you want to assign another tag.
2. Click Add.
3. In the window that opens, do one of the following:
   • To create and assign a new tag, select Create new tag, and then specify the name of the new tag.
   • To select an existing tag, select Assign existing tag, and then select the necessary tag in the drop-down list.
4. Click OK to apply the changes.
5. Click Save to save the changes.

The selected tag is assigned to the device.

Removing an assigned tag from a device

To remove a tag from a device:

1. In the main menu, go to DEVICES → MANAGED DEVICES.
2. Click the name of the device whose tags you want to view.
3. In the device properties window that opens, select the Tags tab.
4. Select the check box next to the tag that you want to remove.
5. At the top of the list, click the Unassign tag button.
6. In the window that opens, click Yes.

The tag is removed from the device.

The unassigned device tag is not deleted. If you want, you can delete it manually.

You cannot manually remove tags assigned to the device by applications or Network Agent. To remove these tags, use the klscflag utility.

Viewing rules for tagging devices automatically

To view rules for tagging devices automatically,

Do any of the following:

• In the main menu, go to DEVICES → TAGS → AUTO-TAGGING RULES.
• In the main menu, go to DEVICES → TAGS, and then click the Set up auto-tagging rules link.
• View tags assigned to a device and then click the Settings button.

The list of rules for auto-tagging devices appears.

Editing a rule for tagging devices automatically

To edit a rule for tagging devices automatically:

1. View rules for tagging devices automatically.
2. Click the name of the rule that you want to edit.

   A rule settings window opens.

3. Edit the general properties of the rule:
   1. In the Rule name field, change the rule name.

      The name cannot be more than 256 characters long.

   2. Do any of the following:
      • Enable the rule by switching the toggle button to Rule enabled.
      • Disable the rule by switching the toggle button to Rule disabled.
4. Do any of the following:
   • If you want to add a new condition, click the Add button, and specify the settings of the new condition in the window that opens.
   • If you want to edit an existing condition, click the name of the condition that you want to edit, and then edit the condition settings.
   • If you want to delete a condition, select the check box next to the name of the condition that you want to delete, and then click Delete.
5. Click OK in the conditions settings window.
6. Click Save to save the changes.

The edited rule is shown in the list.

Creating a rule for tagging devices automatically

To create a rule for tagging devices automatically:

1. View rules for tagging devices automatically.
2. Click Add.

   A new rule settings window opens.

3. Configure the general properties of the rule:
   1. In the Rule name field, enter the rule name.

      The name cannot be more than 256 characters long.

   2. Do one of the following:
      • Enable the rule by switching the toggle button to Rule enabled.
      • Disable the rule by switching the toggle button to Rule disabled.
   3. In the Tag field, enter the new device tag name or select one of the existing device tags from the list.

      The name cannot be more than 256 characters long.

4. In the conditions section, click the Add button to add a new condition.

   A new condition settings window open.

5. Enter the condition name.

   The name cannot be more than 256 characters long. The name must be unique within a rule.

6. Set up the triggering of the rule according to the following conditions. You can select multiple conditions.
   • Network—Network properties of the device, such as the device name on the Windows network, or device inclusion in a domain or an IP subnet.

     If case sensitive collation is set for the database that you use for Kaspersky Security Center, keep case when you specify a device DNS name. Otherwise, the auto-tagging rule will not work.

   • Applications—Presence of Network Agent on the device, operating system type, version, and architecture.
   • Virtual machines—Device belongs to a specific type of virtual machine.
   • Active Directory—Presence of the device in an Active Directory organizational unit and membership of the device in an Active Directory group.
   • Applications registry—Presence of applications of different vendors on the device.
7. Click OK to save the changes.

   If necessary, you can set multiple conditions for a single rule. In this case, the tag will be assigned to a device if it meets at least one condition.

8. Click Save to save the changes.

The newly created rule is enforced on devices managed by the selected Administration Server. If the settings of a device meet the rule conditions, the device is assigned the tag.

Later, the rule is applied in the following cases:

• Automatically and periodically, depending on the server workload
• After you edit the rule
• When you run the rule manually
• After the Administration Server detects a change in the settings of a device that meets the rule conditions or the settings of a group that contains such device

You can create multiple tagging rules. A single device can be assigned multiple tags if you have created multiple tagging rules and if the respective conditions of these rules are met simultaneously. You can view the list of all assigned tags in the device properties.

Running rules for auto-tagging devices

When a rule is run, the tag specified in properties of this rule is assigned to devices that meet conditions specified in properties of the same rule. You can run only active rules.

To run rules for auto-tagging devices:

1. View rules for tagging devices automatically.
2. Select check boxes next to active rules that you want to run.
3. Click the Run rule button.

The selected rules are run.

Deleting a rule for tagging devices automatically

To delete a rule for tagging devices automatically:

1. View rules for tagging devices automatically.
2. Select the check box next to the rule that you want to delete.
3. Click Delete.
4. In the window that opens, click Delete again.

The selected rule is deleted. The tag that was specified in properties of this rule is unassigned from all of the devices that it was assigned to.

The unassigned device tag is not deleted. If you want, you can delete it manually.

Managing device tags by using the klscflag utility

To assign a set of tags to a device, you need to run the klscflag utility on the client device to which you want to assign tags.

The klscflag utility overwrites the existing tags assigned to the device. This means that you can add or remove tags by specifying the desired set of tags in the command. The utility does not have separate commands for adding or removing individual tags. Instead, you modify the entire set of tags.

When specifying tag names in commands such as klscflag, it is recommended to use a consistent-case approach, such as all caps. Using all caps can help avoid potential issues with tags that differ only in case, depending on the DBMS configuration.

To assign tags to your device by using the klscflag utility:

1. Run the Windows command prompt by using administrator rights, and then change your current directory to the directory with the klscflag utility. The klscflag utility is located in the folder where Network Agent is installed. The default installation path is <Disk>:\Program Files (x86)\Kaspersky Lab\NetworkAgent.
2. Enter one of the following commands:
   • To assign a set of tags:

     klscflag -ssvset -pv 1103/1.0.0.0 -s KLNAG_SECTION_TAGS_INFO -n KLCONN_HOST_TAGS -sv "[\"TAG NAME 1\",\"TAG NAME 2\",\"TAG NAME 3\"]" -svt ARRAY_T -ss "|ss_type = \"SS_PRODINFO\";"

     where [\"TAG NAME 1\",\"TAG NAME 2\",\"TAG NAME 3\"] is the list of tags you that want to assign to your device.

     If you leave the square brackets empty, this will remove all tags from the device:

     klscflag -ssvset -pv 1103/1.0.0.0 -s KLNAG_SECTION_TAGS_INFO -n KLCONN_HOST_TAGS -sv "[]" -svt ARRAY_T -ss "|ss_type = \"SS_PRODINFO\";"

   • To assign a new tag to an existing set of tags:

     klscflag -ssvset -pv 1103/1.0.0.0 -s KLNAG_SECTION_TAGS_INFO -n KLCONN_HOST_TAGS -sv "[\"NEW TAG NAME\",\"TAG NAME 1\",\"TAG NAME 2\",\"TAG NAME 3\"]" -svt ARRAY_T -ss "|ss_type = \"SS_PRODINFO\";"

     where NEW TAG NAME is the name of the tag that you want to assign to your device and TAG NAME 1, TAG NAME 2, TAG NAME 3 are the names of the tags already assigned to the device.

   • To remove a specific tag without removing other tags already assigned to the device, run the command with the updated set of tags.

     For example, if your current tags are TAG NAME 1, TAG NAME 2, TAG NAME 3 and you want to remove TAG NAME 2, run the following command:

     klscflag -ssvset -pv 1103/1.0.0.0 -s KLNAG_SECTION_TAGS_INFO -n KLCONN_HOST_TAGS -sv "[\"TAG NAME 1\",\"TAG NAME 3\"]" -svt ARRAY_T -ss "|ss_type = \"SS_PRODINFO\";"

3. Restart the Network Agent service.

The klscflag utility assigns the specified tags to your device. To make sure that the klscflag utility has assigned the specified tags successfully, view tags assigned to the device.

Alternatively, you can assign device tags manually.