Settings. An IP Tag applies highlighting to specified IP addresses when the addresses are displayed in a list in the TLC Console. IP Tags simplify the process of identifying and tracking potential threats.
You can add, edit, and delete IP Tags in:
The IP Tagging tab of the properties of an Event Ticket (see Working with Event Tickets), and
The Settings dialog (see below).
An IP Tagging tab only contains the IP Tags that have been applied to a single Event Ticket, while the Settings tab contains the IP tags for all of your Event Tickets. These UI components are identical, and you can perform the same functions in both. However, to work with IP Tags in an IP Tagging tab, the ticket cannot be closed (i.e. the Closed check box in the ticket's properties cannot be selected).
|
Note |
If you remove an IP Tag in the Settings dialog or an Event Ticket's IP Tagging tab, TLC deletes the tag from the system. |
|---|
To add, edit, or delete IP Tags in the Settings dialog:
| 1. | From the menu bar, select Options >Settings. |
| 2. | In the side bar of the Settings dialog, click User Settings > IP Tagging. |
| 3. | To add an IP Tag: |
| a. | In the workspace of the Settings dialog, click Add. |
| b. | Complete the IP Address Tagging dialog (see Table 66) and click Save. |
To change the properties of an IP Tag:
| a. | In the workspace of the Settings dialog, double-click the tag. |
| b. | Make your changes in the IP Address Tagging dialog (see Table 66) and click Save. |
To change the priority of the IP Tags, use the arrows on the right side of the Settings dialog. If two IP Tags identify the same IP address, TLC will highlight the IP address with the color of the IP Tag that is closest to the top of this list.
To delete an IP Tag:
| a. | In the workspace, select the line for the IP Tag. |
| b. | Click Delete. |
| c. | In the confirmation dialog, click Yes. |
|
Field |
Description |
|---|---|
|
IP address regular expression |
A .NET regular expression that specifies the IP address(es) for the IP Tag. For example: 192.168.0.* highlights 192.168.0.1-255 192.168.0.*|192.168.2.* highlights 192.168.0.1-255 and 192.168.2.1-255 192.168.0.1 highlights 192.168.0.1,10-19,100-199 192.168.0.1\z highlights 192.168.0.1 192.168.\d+.1 highlights 192.168.1-255.1 |
|
Description |
A description of the IP Tag. Ticket ID: The Ticket to which this Tag is assigned. (This will only be displayed if created from within a ticket.) Open: Open the Ticket for this tag. (This will only be displayed if created from within a ticket.) |
|
Highlight color |
The color with which TLC will highlight the IP address(es). |
|
Ticket ID |
Identifies the ID for the Event Ticket. To open the ticket, click Open. Note: This tab is only available when this dialog is opened from the IP Tagging tab of the Event Ticket properties dialog (see Working with Event Tickets). |
|
Map Location |
On the map, double-click the approximate physical location of the system(s) with the IP address(es). In the location you click, TLC adds a dot with the selected color. |