In the Security Analytics Central Manager, you can use Labels as a great way to tag, organize, and create useful groups of Security Analytics sensors for easier management and investigation.
Here’s an example. A multi-national company with multiple sensors around the world wants to group their Security Analytics sensors by geographic location. They have 10 sensors in Asia, 15 in the US, and 7 in Europe. With minimal work, Asia, US, and Europe labels can be added to the appropriate sensors to simplify management. By filtering on those labels, reporting, threat hunting, and sensor management is a breeze. Here are some quick steps to set it up:
1. From the Central Management Console (CMC), go to the Sensors tab and use the Actions menu.
2. Add one or more labels to any number of sensors. This allows easy and arbitrary groupings.
3. Once labeled, sensors can be filtered from the CMC menu or from the Advanced Filter
Additional documentation on CMC Labels is found under View Multiple Sensors.
https://origin-symwisedownload.symantec.com/resources/webguides/security_analytics/ENG/80/Content/_CMC/multiple-sensor_environment.htm#View_Multiple_Sensors
All labels can be accessed via the API as well. This allows for quick labeling of many sensors.
https://origin-symwisedownload.symantec.com/resources/webguides/security_analytics/ENG/80/Content/_Reference/api/apis/central-mgr-api.htm