Creating Tags
Note: This article contains directions for both the ThreatLocker Portal and the ThreatLocker Legacy Portal. If you are using the Legacy Portal, you can find the appropriate directions by scrolling down in the article.
Tags are collections of items that can be applied to Network Control policies and Application Control policies with Network Ringfencing. They can contain strings, with or without wildcards, IPv4 addresses or IPv6 addresses. Tags allow for efficient, centralized management of allowed network domains and IP addresses. The same tag can be easily applied to multiple policies.
Creating Tags within the ThreatLocker Portal
To create a tag, navigate to either 'Application Control' or 'Network Control' within the 'Modules'. dropdown on the navigational menu. Then, select the 'Tags' tab towards the top right to open the Tags page.

Next select the '+ New Tag' button and that will open the 'Create New Tag' panel. Type a name for the tag and add any domains or IP addresses which you would like to use. Click '+ Create Tag' to save and create this new tag.

Adding Items to an Existing Tag
Adding a Text String to a Tag
Click on a tag's name to edit the contents. Click into the 'Text' field under the 'Tag Items' section and type in the text you wish to include in the tag. You can use wildcards in the text string. Press the 'Update Tag' button to commit these new changes.

Adding IPv4 Addresses to a Tag
Click into the 'IPv4s' text field and type the address or subnets you want to include in the tag. Single addresses and CIDR notation subnets are both acceptable formats.

Adding an IPv6 Address to a Tag
Click into the 'IPv6s' text field and type the address you want to include in the tag. Both full-length and shortened IPv6 address formats are acceptable.

Deleting an Item from a Tag
Use the 'x' next to any tag item to delete it. These changes are not saved until you click 'Update Tag' at the bottom of the 'Update Existing Tag' panel.

Updating the Name of a Tag
If you would like to change the name of your tag, type the changes into the 'Tag Name' text box and click the 'Update Tag' button. These changes are not saved until you use the 'Update Tag' button.

Adding a Tag to a Policy
Within the Modules dropdown, navigate to 'Application Control' and 'Policies'. Select the Ringfenced policy you want to add the tag to.

Under the 'Internet Access' section, you may specify tags using the dropdown if 'Allow Selected' is clicked to enable Internet Ringfencing. Choose the tag you want to add from the 'Server' dropdown menu. Built-in tags and tags from your parent account will be available in this dropdown menu.

You can add multiple tags from this same window. Once you have added tags, you click 'Update Policy' button. Remember to click the 'Deploy Policies' button to apply the updated policy to the end users.
Adding to Tags Through the Unified Audit
In the ThreatLocker Portal, navigate to 'Unified Audit'. In the 'Policy Action' dropdown menu, select Ringfenced and click 'Search' to see all Ringfenced items. You can then choose the item and click 'Add to Tag' from the side panel that will appear.

Select 'Add To Tag' then searching for the tag you wish to edit will open the 'Update Existing Tag' side panel.

Clicking the tag will open the 'Update Existing Tag' side panel with the Ringfenced address prefilled. Click 'Update Tag' to commit this change

Removing Tags from a Policy
Within Modules, navigate to 'Application Control' and then 'Policies'. Select the Ringfenced policy you want to remove the tag from.

Within the 'Ringfencing Restrictions' section, find the tag and click the red circled - icon to remove the tag from the policy. Save this change with the 'Update Policy' button, then deploy policies.

Creating Tags Within the ThreatLocker Legacy Portal
To create a tag, navigate to 'Application Control'. Then select the 'Tags' tab to open the tag window.

Next select 'New Tag' and that will open the 'Manage Tag Items' window. Type a name for the tag and click 'Save'. Now you can add items to the tag.


Adding Items to a Tag
Adding a text string to a tag
Choose 'text' from the 'Value' dropdown menu and then type in the text you wish to include in the tag. You can use wildcards in the text string.

Next you will click 'Add' which will add that text string to the tag.

Adding a single IPv4 address to a tag
Choose 'IPv4' from the 'Value' dropdown menu and then type the address you want to include in the tag.

Then click 'Add' and that address will be applied to the tag.

Adding an entire subnet of IPv4 addresses to a tag
Choose 'IPv4' from the 'Value' dropdown menu and then type the address of the subnet you want to include in the tag using CIDR notation.

Once you click 'Add' that entire subnet of addresses is added to the tag.

Choose 'IPv6' from the 'Value' dropdown menu and then type the address you want to include in the tag.

Then click 'Add' and that address will be applied to the tag.

*It is important to note that you can not specify a port number with a tag.*
Deleting items from a tag
Navigate to 'Application Control', 'Tags', and click the pencil icon next to the tag you wish to edit to open the 'Manage Tag Items' window. Click the 'Delete' button next to the corresponding item you wish to remove from the tag.
Updating the name of the tag
If you would like to change the name of your tag, type the changes into the text box and then click the 'Update' button.

Adding a tag to a policy
In the ThreatLocker Portal, navigate to 'Application Control' and then 'Policies'. Select the Network policy you want to add the tag to.

This example shows the tag 'ThreatLocker\Microsoft 365 (Built-in)' is being permitted on any port.

You can add multiple tags from this same window. Once you have added tags, you need to click 'Deploy Policies' to apply the updated policy to the end users.
Adding tags through the Unified Audit
In the ThreatLocker Portal, navigate to 'Unified Audit'. Select Ringfenced in the 'Action' dropdown menu and click 'Search' to see all Ringfenced items. You can then choose the item, and click 'Add to Tag' to open the 'Manage Tag Items' window.

Then choose the tag name you want to add to and ThreatLocker will have pre-populated the information into the textbox for you. If a port number was populated, please delete it before clicking 'Add' to add the item to the tag. Remember, changes to tags are automatically applied to endpoints.

Removing tags from a policy
In the ThreatLocker Portal, navigate to 'Application Control' and then 'Policies'. Select the Network policy you want to remove the tag from. Under the 'Internet' tab, select the tag you want to remove from the 'Server' dropdown menu. Click the trash can icon to remove the tag from the policy. Click 'Deploy Policies' to apply the updated policy to the end users.

Viewing tags
Tags are easily identified within a policy by their highlighted tag-like appearance. In the example below, 'ThreatLocker\Microsoft 356 (Built-In)' is a tag, and '10.0.0.1' is not.
