Label action and criteria

Use the Label (LABEL) action parameter to assign a label to the triggered action, which you can then use as a criterion for subsequent rules.

You can use both the LABEL action and LABEL criteria as follows:

Within a policy, let's say you define a LABEL action as
LABEL = $(DB_USER)$ 
If this action is triggered for some session request (such as DB_USER = SCOTT), then SCOTT is added to internal dynamic group.
In addition, let's say that you create a rule within the policy that has the following criteria:
LABEL = $(DB_USER)$ 

If a request comes in from a database user, then the LABEL criteria is triggered. If the database user (the DB_USER) is, for example, SA, then that DB_USER is not found in dynamic group, the criteria LABEL is validated to false, and the rule actions are not triggered. However, if the request comes the database user SCOTT, then SCOTT is found in the dynamic group, and the LABEL criteria is validate to true, which triggers the rule actions.

The LABEL parameter is available for the following actions:
  • ALERT
  • LOG
  • MARK_SESSION
  • THROW_EXCEPTION
  • VERDICT_TERMINATE