Docs

Understanding Context Labels

Suggest Edits

About Context Labels

Context labels are strings that are associated with an IP address in Fusion to help provide context about network activity.

Context labels can be used for:

  • Visually differentiating and understanding IP addresses in the Netography portal
  • In NQL in the Fusion Potal, in API calls, and in Detection Models for searching and filtering, defining custom alerting conditions, and triggering events

Context label format

  • Multiple labels can be created for a single IP address within Netography.
  • The Netography portal can display multiple labels for an IP in the Properties Tray that appears on the right-hand side of the Fusion Portal when selecting an IP address.
  • Context labels have a context name and context value. The format of a context label is:

label.IP.context = value. Where context and value are definable.

  • Individual IP addresses can support multiple contexts.
  • Each context can support multiple values for each context.
  • Context integrations populate IP addresses with context labels. You can also manually add context labels to the system using the Fusion API, importing from CSV files, or by developing your own NetoFuse modules.

🚧

The name context is treated differently than other contexts, as this context used in Netography Fusion charts and tables whereas other contexts are not.

Differences from flow tags

Context labels in Netography are set of values applied to an IP address or port number. The Fusion portal will only display the current label values for an IP and does not maintain a historical record of label values (time-series historical support for context labels will be coming in a future update).

Flow tags, on the other hand, are values applied to the flows between Source IP / Source Port to Destination IP / Destination Port pairs and are stored within each matching flow record that Netography stores. As such, there is a historical record of the tag value that was applied when the flow record was stored. Names are only supported in flow tags, and a context structure is not supported.

Viewing context labels

You can view the context labels currently in your account by going to Settings > Context Labels. On this page you can also individually add a label or import a CSV file in the context label format. For more flexible ways of adding context labels, see Configuring Context Integrations.

The following fields are required in order to create IP labels within Netography successfully:

  • IP Address: Specify the target and unique address of the device or resource within your network.
  • Context: Define the context for your label; the context value is a mechanism to logically group together types of labels to make sense of the labels you apply to the IP addresses in your infrastructure. This can be types of information such as department, security_policy, hostname, cloud_provider, etc. You can create a new context value or use an existing value from the drop-down menu.

🚧

Context name characters must be [A-Za-z0-9_-]

  • Labels: Apply the Label value(s) for the given Context. For instance, a context value of “department” might have values of: finance, accounting, and receivables. The same IP address could also have a context value of “location” with the associated label value of Minneapolis.

🚧

Label value characters must be [^a-zA-Z0-9 ._/\\-#~:()]

When you finish typing your label, select the Create option underneath the drop box to create and save the first label. You can repeat this for creating multiple labels. 

Port labels

Port labels in Netography will differ from IP label creation, as they will have the common protocol types and port values mapped to your created port labels. This may be useful if you are using non-standard ports for your applications and want to label those ports.

You can view and edit Port Labels by switching from the IP Labels to Port Labels tab.

The following fields are required in order to create portal labels within Netography successfully:

  • Port: Specify the port number of the device or resource within your network.

  • Protocol: Specify the protocol type associated to your port number by selecting the appropriate value from the dropdown. 

  • Label: You can define the context for your port label, such as categorizing dhcp, calling out cloud provider, etc. You are also able to create multiple labels using the same creation steps in the IP label section earlier.

Label Usage Notes:

  1. Both Contexts and Label Values are restricted to the following character set: a-z , A-Z , 0-9 ,” “ (space), “_” (underscore) ,”-” (dash), and “.” (dot/period)
  2. The CSV format for both “CSV via S3” integration and portal CSV bulk upload is as follows (the combination of IP and Context should be unique per line in the file). For a more flexible way to import from CSV files that includes header rows you want to dynamically transform into context labels, see NetoFuse CLI: Upload command.

IP1,Context1,Label1,Label2

IP1,Context2,Label1,Label2

IP2,Context3,Label1,Label2

API for Labels

To view how label creation and modification works on our API, please visit the following:

Updated about 1 month ago