Skip to main content



Cisco Defense Orchestrator

Labels and Filtering

Labels are used for grouping devices or objects. You can apply labels to one or more devices during onboarding or at any time after onboarding. You can apply labels to objects after you create them. Once you have applied labels to devices or objects, you can filter the contents of the device table or objects table by that label.

Note: A label applied to a device is not extended to its associated objects, and a label applied to a shared object is not extended to its associated objects.

You can create a label group by using the following syntax “group name:label”. For example, Region:East or Region:West. If you were to create these two labels, the group label would be Region and you could choose from East or West in that group. 

Applying Labels to Device and Objects

To apply a label to devices, perform the following steps:

  1. In the navigation pane on the left, click Devices & Services.
  2. Select one or more devices in the Devices & Services table.
  3. In the Add Groups and Labels field on the right, specify a label for the device.
  4. Click blue + icon.

To apply a label to objects, click Objects in the navigation pane, and perform the steps described above.

Labels and Tags in AWS VPC

When you onboard an AWS VPC to CDO, CDO reads all AWS VPC tags as part of the configuration. That is, they are copied from AWS and stored in CDO's database. These tags are represented as CDO labels, which can be viewed on the Devices & Services page, just like labels on any other device type. If you delete the existing labels or create new labels from CDO, these changes are not synchronized to the AWS VPC. You must manually make the same changes using the AWS console. VPC Tags that are created or modified in the AWS console after the AWS VPC has been onboarded will not be stored in CDO's copy of the configuration or detected as an out-of-band change. 

How to filter

To filter, use the filtering options in the left-hand pane of the Devices and Services, Policies, and Objects tabs:

  • All Objects – This filter provides you all the objects available from all the devices you have on-boarded in CDO. This filter is useful to browse all your objects, or as a starting point to search or further apply sub-filters.
  • Shared Objects – This quick filter shows you all the Objects that CDO has found to be shared on more than one device.
  • Objects By Device – Lets you pick a specific device so that you can see objects found on the selected device.

Sub filters – Within each main filter, there are sub-filters you can apply to further narrow down your selection. These sub-filters are based on Object Type – Network, Service, Protocol, etc.

  • Was this article helpful?