Remediation Projects and Tagging


I’m trying to set up Remediation Projects per team based on tags, but am having trouble doing this without creating literally hundreds of tags or asset groups because tag criteria and queries can’t mix AND and OR in the same query to assign an owner to the projects.

A simplified example is we have 3 sites in one country. Our sys admins cover Windows Servers across the whole country, whereas our support teams cover the three sites’ Workstations individually. This means we need four remediation projects in total. Assets are linked to a site by the first part of the hostname (ASITE, BSITE, CSITE).

Because we can’t mix AND\OR we cannot create a rule stating ‘where (asset starts A or B or C) and OS = servers’ to assign them to the sys admin team. Instead we have to create an asset tag per site, an asset tag per OS and then use three asset groups to say if site A and OS = Server then tag with the Owner as Sys Admin. And then do the same for the workstations.

This doesn’t sound too bad, but we have 50 sites spread across multiple countries so, just to create remediation projects for 50 sites and two OS we need either 100 asset groups or 100 different asset tagging rules. And every other OS type will need 50 more. And if we acquire another site we then need to create another per OS type.

If someone can point out a way to do this much more simply then I would much appreciate it as I could then retain the remainder of my hair - the rest has been pulled out while trying to solve this!

This was the solution that I had to use. Create a tag for the OR, then include that OR in an AND. I no longer use tags for scheduled scans, just reporting.
We do have hundreds of tags (801 currently), and I converted Asset groups into filtered tagging to reduce overhead.
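The tag-chaining workaround described in this reply, modelled as an added Python example (not part of the thread and not the product's own rule engine or API). It assumes each rule is all-AND or all-OR and that rules are applied in order so a later rule can match on an earlier tag; the tag names (`country:X`, `owner:...`), field names, the DSITE host and the sample assets are constructed.

```python
# Constructed model of tag rules that cannot mix AND and OR in one rule.
def matches(asset, cond):
    field, op, value = cond
    if op == "starts_with":
        return asset[field].startswith(value)
    if op == "is":
        return asset[field] == value
    if op == "has_tag":
        return value in asset["tags"]
    raise ValueError(f"unknown operator: {op}")

def apply_rules(assets, rules):
    """Apply rules in order; mode 'any' is an OR-only rule, 'all' is AND-only."""
    for asset in assets:
        asset["tags"] = set()
        for tag, mode, conds in rules:
            combine = any if mode == "any" else all
            if combine(matches(asset, c) for c in conds):
                asset["tags"].add(tag)
    return {a["hostname"]: a["tags"] for a in assets}

SITES = ["ASITE", "BSITE", "CSITE"]  # hostname prefixes from the question

RULES = [
    # Step 1: one OR-only tag covering every site in the country.
    ("country:X", "any", [("hostname", "starts_with", s) for s in SITES]),
    # Step 2: one AND-only rule that reuses the OR tag as a single condition.
    ("owner:SysAdmin", "all",
     [("tags", "has_tag", "country:X"), ("os_type", "is", "server")]),
]
# Workstations are owned per site, so they still need one AND rule per site.
RULES += [
    (f"owner:Support-{s}", "all",
     [("hostname", "starts_with", s), ("os_type", "is", "workstation")])
    for s in SITES
]

ASSETS = [  # constructed sample inventory
    {"hostname": "ASITE-SRV01", "os_type": "server"},
    {"hostname": "BSITE-WS07", "os_type": "workstation"},
    {"hostname": "CSITE-SRV02", "os_type": "server"},
    {"hostname": "DSITE-SRV01", "os_type": "server"},  # other country
]

RESULT = apply_rules(ASSETS, RULES)

if __name__ == "__main__":
    for host, tags in RESULT.items():
        print(host, sorted(tags))
```

In this model the server ownership rule stays at one per country however many sites are added, while per-site workstation ownership still grows by one rule per site.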

Thanks Brandon,

I’ve worked out I’m going to need at least 50 tag rules per OS\asset type, so pretty sure I’m going to be up near your count pretty soon.

I’ve got a ticket raised with support about this and will suggest raising an IDEA to add AND\OR in the same criteria, but this seems to be such a no-brainer that there must be a specific reason this hasn’t been done so I won’t hold my breath.

I would be happy with the same UI logic allowed for a saved expert query.

Yeah, the fact that the cloud platform allows mixed and/or and the local console does not is a pain for me too.