Tag Management

Tags allow you to send custom information with the login or orders decision. Tags are user-defined text fields added when creating segments or policies and can be used to sort and filter data. Tags associated with a policy or segment that is evaluated as true are sent with the API response. You can view tags on the dashboard and in order details.

Note

To create a custom dashboard layout and add the Tags widget, refer to Customize the Dashboard.

There are various use cases for tags, many of them dependent on your organization and how you use data from the Login API. Use cases include:

Assigning tags to inform an internal system about the type of multifactor authentication to use. If the risk is high, then multifactor authentication can be employed. If the risk is low, a CAPTCHA or other method can be employed.
Assigning a tag to know that a login event was from a certain region.
Assigning a tag to allow an investigation for potential high-risk IP addresses or IP Organizations.

Create a tag

You can create a tag to assign to orders after certain policy conditions are met.

To create a tag:

Sign in to Kount 360.
Select Policy Management.
Edit or create a new set.
Edit or create a new segment or policy.
Select Tags.
Select New Tag.
Enter a name for the tag.

Note

The tag name must be more than three alphanumeric characters and can contain underscores. Tag names are case sensitive. If you enter the exact case sensitive name of an archived tag, it is restored in your tags list.
Select Save.

After creating a tag, you can add it to a policy or segment.

Add a tag to a policy or segment

Once a tag is created, you can add it to a policy or segment. When an order triggers the conditions, the tag is assigned to the order.

To add a tag to a policy or segment:

Sign in to Kount 360.
Select Policy Management.
Edit or create a new set.
Edit or create a new segment or policy.
Select Tags.
Search for or scroll to find a tag in the tags list, then select that tag. You can select multiple tags at the same time.
Select Save.

The tag is added to the policy or segment. The changes are pending and must be published before they become active. Refer to Publish set changes in Manage Sets.

Remove a tag from a policy or segment

After a tag is added to a policy or segment, it can be removed so that it is not assigned to any future orders that meet the conditions. If you are unsure how many policies or segments the tag is assigned to, you can view the Active Usage Count in the Tags table. Refer to View tag references for more information.

To remove a tag from a policy or segment:

Sign in to Kount 360.
Select Policy Management.
Edit or create a new set.
Edit or create a new segment or policy.
Select Tags.
In Selected Tags, select Remove on the tags you no longer want assigned to the policy or segment.
Select Save.

The tag is removed from the policy or segment. The changes are pending and must be published before they become active. Refer to Publish set changes in Manage Sets.

View tag references

Tag references can help you identify which segments and policies a tag is assigned to. You can use this information to audit assigned tags or find and remove tags that you want to archive.

To view tag references:

Sign in to Kount 360.
Select Policy Management > Tools > Tags.
Filter/sort the table or scroll to find the tag.
In Quick Actions, select View References .
Optional: In Tag Details, filter or sort the policies or segments the tag is assigned to.
Optional: Select View in each row to open the correlating policy, segment, event type, set name, and verision ID in a new tab.
After viewing the tag references, select Close.

Archive a tag

A tag can be archived if you need to create a new version, fix a spelling mistake, or no longer need it.

Note

You must remove the tag from any current version of a policy or segment before archiving. Refer to Remove a tag from a policy or segment.

To archive a tag:

Sign in to Kount 360.
Select Policy Management > Tools > Tags.
Filter/sort the table or scroll to find the tag.
In Quick Actions, select Archive .
In the confirmation prompt, select Confirm Archive.

The tag is archived and removed from the tags table.

Note

If a tag was archived by accident or you want to use an old tag for a new use case, you can restore it by following the Create a tag process and entering in the case sensitive name for the archived tag. If a tag is archived and the user restores a set version that used the old tag, then the tag is also restored.

Additional use cases

Use case: Excessive failed attempts

A customer wants to know when the number of failed attempts for their login exceeds the bounds of normal operations. They also want Security Operations to be notified through their alerting system. To implement this use case:

Sign in to Kount 360.
Select Policy Management.
Select Policies.
Create a policy that counts the number of failed attempts from an IP address when it exceeds their threshold for a given hour.
Select No Change as the outcome.
Select Save Changes.
Create a tag labeled failedIPThreshold.
Select Policies.
Edit the policy you created and assign the failedIPThreshold tag.
Save the changes.
Set Splunk to send an alert when it finds the tag in the API response.

Use case: Alerting for a scripted attack

A customer wants to be able to alert their Security Operations when they are seeing the signs of a scripted attack. The customer adds a tag to the velocity that the Network Operations Center wants to watch, and then that tag is sent back with the login API response. Their internal alerting system picks up the tag and alerts Security Operations.

Note

Create a tag