Creating Tags

7 min. readlast update: 08.30.2023
Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article.

Tags are collections of items that can be applied to Network Control policies and Application Control policies with Network Ringfencing. They can contain strings, with or without wildcards, IPv4 addresses or IPv6 addresses. Tags allow for efficient, centralized management of allowed network domains and IP addresses. The same tag can be easily applied to multiple policies.

Creating Tags within the ThreatLocker Portal

To create a tag, navigate to either 'Application Control' or 'Network Control' within the 'Modules'. dropdown on the navigational menu. Then, select the 'Tags' tab towards the top right to open the Tags page.  

undefined

Next select the '+ New Tag' button and that will open the 'Create New Tag' panel. Type a name for the tag and add any domains or IP addresses which you would like to use. Click '+ Create Tag' to save and create this new tag. 

undefined

Adding Items to an Existing Tag

Adding a Text String to a Tag

Click on a tag's name to edit the contents. Click into the 'Text' field under the 'Tag Items' section and type in the text you wish to include in the tag. You can use wildcards in the text string. Press the 'Update Tag' button to commit these new changes.   

undefined

Adding IPv4 Addresses to a Tag

Click into the 'IPv4s' text field and type the address or subnets you want to include in the tag. Single addresses and CIDR notation subnets are both acceptable formats.

undefined

Adding an IPv6 Address to a Tag

Click into the 'IPv6s' text field and type the address you want to include in the tag. Both full-length and shortened IPv6 address formats are acceptable.

undefined

Deleting an Item from a Tag

Use the 'x' next to any tag item to delete it. These changes are not saved until you click 'Update Tag' at the bottom of the 'Update Existing Tag' panel. 

undefined

Updating the Name of a Tag

If you would like to change the name of your tag, type the changes into the 'Tag Name' text box and click the 'Update Tag' button. These changes are not saved until you use the 'Update Tag' button. 

undefined

Adding a Tag to a Policy

Within the Modules dropdown, navigate to 'Application Control' and 'Policies'. Select the Ringfenced policy you want to add the tag to. 

undefined

Under the 'Internet Access' section, you may specify tags using the dropdown if 'Allow Selected' is clicked to enable Internet Ringfencing. Choose the tag you want to add from the 'Server' dropdown menu. Built-in tags and tags from your parent account will be available in this dropdown menu. 

undefined

You can add multiple tags from this same window. Once you have added tags, you click 'Update Policy' button. Remember to click the 'Deploy Policies' button to apply the updated policy to the end users.    

Adding to Tags Through the Unified Audit

In the ThreatLocker Portal, navigate to 'Unified Audit'. In the 'Policy Action' dropdown menu, select Ringfenced and click 'Search' to see all Ringfenced items. You can then choose the item and click 'Add to Tag' from the side panel that will appear.

undefined

Select 'Add To Tag' then searching for the tag you wish to edit will open the 'Update Existing Tag' side panel.

undefined

Clicking the tag will open the 'Update Existing Tag' side panel with the Ringfenced address prefilled. Click 'Update Tag' to commit this change

undefined

Removing Tags from a Policy 

Within Modules, navigate to 'Application Control' and then 'Policies'. Select the Ringfenced policy you want to remove the tag from.  

undefined

Within the 'Ringfencing Restrictions' section, find the tag and click the red circled - icon to remove the tag from the policy. Save this change with the 'Update Policy' button, then deploy policies.  

undefined

Creating Tags Within the ThreatLocker Legacy Portal 

To create a tag, navigate to 'Application Control'. Then select the 'Tags' tab to open the tag window. 

undefined

Next select 'New Tag' and that will open the 'Manage Tag Items' window. Type a name for the tag and click 'Save'. Now you can add items to the tag.

undefined

undefined

Adding Items to a Tag

Adding a text string to a tag

Choose 'text' from the 'Value' dropdown menu and then type in the text you wish to include in the tag. You can use wildcards in the text string.  

undefined

Next you will click 'Add' which will add that text string to the tag. 

undefined

Adding a single IPv4 address to a tag

Choose 'IPv4' from the 'Value' dropdown menu and then type the address you want to include in the tag.  

undefined

Then click 'Add' and that address will be applied to the tag.

undefined

Adding an entire subnet of IPv4 addresses to a tag

Choose 'IPv4' from the 'Value' dropdown menu and then type the address of the subnet you want to include in the tag using CIDR notation. 

undefined

Once you click 'Add' that entire subnet of addresses is added to the tag.

undefined

Choose 'IPv6' from the 'Value' dropdown menu and then type the address you want to include in the tag.  

undefined

Then click 'Add' and that address will be applied to the tag.

undefined

*It is important to note that you can not specify a port number with a tag.*

Deleting items from a tag

Navigate to 'Application Control', 'Tags', and click the pencil icon next to the tag you wish to edit to open the 'Manage Tag Items' window. Click the 'Delete' button next to the corresponding item you wish to remove from the tag.

Updating the name of the tag

If you would like to change the name of your tag, type the changes into the text box and then click the 'Update' button.

undefined

Adding a tag to a policy

In the ThreatLocker Portal, navigate to 'Application Control' and then 'Policies'. Select the Network policy you want to add the tag to. 

undefined

This example shows the tag 'ThreatLocker\Microsoft 365 (Built-in)' is being permitted on any port.

undefined

You can add multiple tags from this same window. Once you have added tags, you need to click 'Deploy Policies' to apply the updated policy to the end users. 

Adding tags through the Unified Audit

In the ThreatLocker Portal, navigate to 'Unified Audit'. Select Ringfenced in the 'Action' dropdown menu and click 'Search' to see all Ringfenced items. You can then choose the item, and click 'Add to Tag' to open the 'Manage Tag Items' window. 

undefined

Then choose the tag name you want to add to and ThreatLocker will have pre-populated the information into the textbox for you. If a port number was populated, please delete it before clicking 'Add' to add the item to the tag. Remember, changes to tags are automatically applied to endpoints.

undefined

Removing tags from a policy

In the ThreatLocker Portal, navigate to 'Application Control' and then 'Policies'. Select the Network policy you want to remove the tag from. Under the 'Internet' tab, select the tag you want to remove from the 'Server' dropdown menu. Click the trash can icon to remove the tag from the policy. Click 'Deploy Policies' to apply the updated policy to the end users. 

undefined

Viewing tags

Tags are easily identified within a policy by their highlighted tag-like appearance. In the example below, 'ThreatLocker\Microsoft 356 (Built-In)' is a tag, and '10.0.0.1' is not.

undefined

Was this article helpful?