Understanding Tags in Rules

When a rule generates an alert, if the rule has tags that don't start with the dollar sign, i.e. $, these tags are automatically applied to the alerts.

For example, let's take a look at this rule:

The tag sector:europe has been applied.

Now, let's look at an alert generated by this rule:

As we can see, the tag is automatically applied to this alert.

As well as all other triggered alerts by this rule:

Additionally, if the rule flagged an entity, and this entity had tags that did not start with $, these tags would be applied on the alert as well.

Note that rules remember tags by type and name. This means that if a tag is create with type A and name B, applied to a rule, and then deleted globally, if another tag with type A and name B is created, then it will be re-applied to the rule.