Creating Tags
The use of Tags requires Agent version 6.0 or greater
Tags are a collection of items that can be applied to Network policies with Ringfencing. They can contain strings, with or without wildcards, IPv4 addresses or IPv6 addresses. Tags are very efficient to manage and any changes made to the tag are automatically applied to the endpoints. The same tag can be easily applied to multiple policies.
Creating Tags
To create a tag, navigate to 'Application Control'. Then select the 'Tags' tab to open the tag window.
Next select 'New Tag' and that will open the 'Manage Tag Items' window. Type a name for the tag and click 'Save'. Now you can add items to the tag.
Adding Items to a Tag
Adding a text string to a tag
Choose 'text' from the 'Value' dropdown menu and then type in the text you wish to include in the tag. You can use wildcards in the text string.
Next you will click 'Add' which will add that text string to the tag.
Adding a single IPv4 address to a tag
Choose 'IPv4' from the 'Value' dropdown menu and then type the address you want to include in the tag.
Then click 'Add' and that address will be applied to the tag.
Adding an entire subnet of IPv4 addresses to a tag
Choose 'IPv4' from the 'Value' dropdown menu and then type the address of the subnet you want to include in the tag using CIDR notation.
Once you click 'Add' that entire subnet of addresses is added to the tag.
Choose 'IPv6' from the 'Value' dropdown menu and then type the address you want to include in the tag.
Then click 'Add' and that address will be applied to the tag.
*It is important to note that you can not specify a port number with a tag.*
Deleting items from a tag
Navigate to 'Application Control', 'Tags', and click the pencil icon next to the tag you wish to edit to open the 'Manage Tag Items' window. Click the 'Delete' button next to the corresponding item you wish to remove from the tag.
Updating the name of the tag
If you would like to change the name of your tag, type the changes into the text box and then click the 'Update' button.
Adding a tag to a policy
In the ThreatLocker Portal, navigate to 'Application Control' and then 'Policies'. Select the Network policy you want to add the tag to.
This example shows the tag 'ThreatLocker\Microsoft 365 (Built-in)' is being permitted on any port.
You can add multiple tags from this same window. Once you have added tags, you need to click 'Deploy Policies' to apply the updated policy to the end users.
Adding tags through the Unified Audit
In the ThreatLocker Portal, navigate to 'Unified Audit'. Select Ringfenced in the 'Action' dropdown menu and click 'Search' to see all Ringfenced items. You can then choose the item, and click 'Add to Tag' to open the 'Manage Tag Items' window.
Then choose the tag name you want to add to and ThreatLocker will have pre-populated the information into the textbox for you. If a port number was populated, please delete it before clicking 'Add' to add the item to the tag. Remember, changes to tags are automatically applied to endpoints.
Removing tags from a policy
In the ThreatLocker Portal, navigate to 'Application Control' and then 'Policies'. Select the Network policy you want to remove the tag from. Under the 'Internet' tab, select the tag you want to remove from the 'Server' dropdown menu. Click the trash can icon to remove the tag from the policy. Click 'Deploy Policies' to apply the updated policy to the end users.
Viewing tags
Tags are easily identified within a policy by their highlighted tag-like appearance. In the example below, 'ThreatLocker\Microsoft 356 (Built-In)' is a tag, and '10.0.0.1' is not.
