Managing Security Validation Tags

Tags can be found on Actions, Sequences, Evaluations, and Actors, and are used to help classify security content. Mandiant adds tags to security content, but the platform also allows you to add additional tags. Tags on Actions, Sequences, and Evaluations are visible in their descriptions and can be used when searching for security content to run. Tags on Actors can be used when running Actions.

Tags are case-insensitive, so Tag and TAG are recognized as the same thing. The platform will only display one version of the tag, generally the first one created. User-defined Tags can also be an exact duplicate of a Validation Tag, allowing you to tag user-created and imported with a tag that matches the Validation Tag.

The Tags Settings page is where you go to view the Validation Tags and user-defined Tags. The Validation Tags list automatically updates if Tags are added or removed as part of a content release. The User Tags list is read-only for everyone except those with Admin rights. Admins have the ability to edit or delete tags from this list.

NOTE: If a User Tag is in use, it can be modified but cannot be deleted.

NOTE: Changes to Tags are pushed to the Security Content that contains the Tags.

To manage tags

  1. Go to Settings > Director Settings. The Systems Settings page opens.
  2. Select Tags. Here you can edit or delete User Tags.

To Add tags, you'd go to the security content or the Actor that needs to be tagged and add it there. As new tags are added, the Tag list will update. See Action Tags and Sequence and Evaluation Tags for additional information.

  • June 5, 2022
  • November 27, 2025
In This Article