Segment your endpoints according to dynamic tags.
Endpoint tags enable multiple layers of segmentation to your endpoints. An endpoint tag is a dynamic entity that is created and assigned to one or more endpoints. The assigned endpoint tags can then be used to create Endpoint Groups, Policies, and Actions.
Note
The following uses Windows operating system installation parameters and Cytool argument examples.
An endpoint tag can be created during installation of the Cortex XDR agent.
An endpoint tag can be created after installation either from the Cortex XDR agent or from the Cortex XDR management console.
Add an endpoint tag as an installation parameter of the Cortex XDR agent's installer:
Installer parameter:
run msiexec /i ... ENDPOINT_TAGS="Name1, Name 2, Name3"
.Cytool argument:
cytool endpoint_tags add "tag1 [,tag2,...,tagN]"
.Note
Tag names are case sensitive.
For Windows and Mac, a tag name can contain spaces.
Linux does not support tag names with spaces as command line arguments to the shell installer. Instead, tags can be set in the
/etc/panw/cortex.conf
configuration file, which supports all Linux installers.
Add an endpoint tag after installation:
From the machine where the Cortex XDR agent is installed:
Navigate to the Cytool folder location and open the CLI as an administrator.
Cytool argument:
cytool endpoint_tags add "tag1 [,tag2, ...,tagN]"
.Note
Tag names are case sensitive and can contain spaces.
From the Cortex XDR management console (Server)
Navigate to
→ → field.Select one or more endpoints, right-click, and select
→ .Select Add tag... and choose one or more tags from the list of existing tags or begin to type a new tag name to Create tag.
Note
Tag names are case sensitive and can contain spaces.
(This step requires administrator permissions) To assign the tag to users or user groups, select Add selected tags to Users or Groups, and select the relevant Users and/or User Groups.
Note
When SBAC is enabled, assigning tags may impact user permissions.
Save the tag names you selected.
Note
If you remove the tag and there are assigned users or user groups with scope settings, this can impact user permissions in the system.
From the XDR agent:
Navigate to the Cytool folder location and open the CLI as an administrator.
For Cytool:
cytool endpoint_tags list
.
From the Cortex XDR management console:
Navigate to
→ → field.All Server and Agent tags associated with the specific endpoint are displayed. Tags created in the XDR agent are displayed with a shield icon.
Filter and search the Tags field for the endpoint tags you have created and assigned.