LABEL Action

Adds a string label to the object metadata.

Description

This action sets a string label in the metadata of the HTTP object currently being processed. If a label with the same name has already been set for the HTTP object, its value is replaced with the new one. The action is used to add descriptions to HTTP objects.

Please note:
Labels set by this action are available in the message filter (if a message was extracted from this HTTP object).

Format

<action name="label" label="<label name>" value="<label value>" />

or:

<action name="label" label="<label name>" > label value </action>

The "name" attribute:

The name attribute specifies the name of the action - name="label".

The "label" attribute:

The label="..." attribute specifies the name of the string label to set.

The "value" attribute:

The value="..." attribute defines the string value of the label.

You can also provide the value as the content of the <action> element.

Example

<action name="label"
       label="VIRUS-DESCR"
       value="Win.32.BlackHorse.trojan.virus -
              mail worm, extremely dangerous!!!" />

or:

<action name="label"
       label="VIRUS-DESCR">Win.32.BlackHorse.trojan.virus -
                           mail worm, extremely dangerous!!!
</action>

Both forms set the string label named "VIRUS-DESCR" for the message and assign it the following value: "Win.32.BlackHorse.trojan.virus - mail worm, extremely dangerous!!!".

Example

Mark requests to popular Russian mail services with the CONTENT-DESCR tag.

<?xml version="1.0" encoding="utf-8"?>
<filter name="TEST" version="1.0">
 <comment>This is a comment for the filter.</comment>
 <table name="main">
 
   <rule enabled="true">
     <comment>
       Mark requests for popular Russian mail services
       with CONTENT-DESCR label.
     </comment>
     <match>
       <or>
         <c name="req-header"
            headername="Host"
            op="eq"
            value="win.mail.ru" />
         <c name="req-header"
            headername="Host"
            op="eq"
            value="mail.yandex.ru" />
         <c name="req-header"
            headername="Host"
            op="eq"
            value="mail.rambler.ru" />
       </or>
     </match>
     <action name="label"
             label="CONTENT-DESCR"
             value="Russian mail services"/>
   </rule>
 
   <rule enabled="true">
     <match><c name="all"/></match>
     <action name="accept" />
   </rule>
 
 </table>
</filter>
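
An added example, not part of the product or its documentation: a Python audit script that lists every label action in a filter file, resolves its value from either form shown under Format, and flags malformed actions. The function name audit_labels, the sample filter and the whitespace collapsing are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample filter (not from the product) using both label forms.
SAMPLE = """<?xml version="1.0" encoding="utf-8"?>
<filter name="TEST" version="1.0">
 <table name="main">
   <rule enabled="true">
     <match><c name="req-header" headername="Host" op="eq" value="mail.yandex.ru"/></match>
     <action name="label" label="CONTENT-DESCR" value="Russian mail services"/>
   </rule>
   <rule enabled="true"><match><c name="all"/></match>
     <action name="label" label="VIRUS-DESCR">Win.32.BlackHorse.trojan.virus -
                          mail worm, extremely dangerous!!!
     </action>
   </rule>
   <rule enabled="true"><match><c name="all"/></match>
     <action name="label" value="orphan"/>
   </rule>
 </table>
</filter>"""

def audit_labels(xml_text):
    """Return (rule_no, label, value, problems) for each label action."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for rule_no, rule in enumerate(root.iter("rule"), start=1):
        for action in rule.findall("action"):
            if action.get("name") != "label":
                continue  # other actions (e.g. accept) are not audited here
            label = action.get("label")
            attr = action.get("value")
            text = (action.text or "").strip()
            problems = []
            if not label:
                problems.append("missing label attribute")
            if attr is not None and text:
                problems.append("value given as attribute and as content")
            if attr is None and not text:
                problems.append("no value given")
            # Assumption: runs of whitespace collapse to one space, as in
            # the page's description of the multi-line VIRUS-DESCR value.
            value = " ".join((attr if attr is not None else text).split())
            findings.append((rule_no, label, value, problems))
    return findings

if __name__ == "__main__":
    for rule_no, label, value, problems in audit_labels(SAMPLE):
        print(f"rule {rule_no}: {label!r} = {value!r} {problems or 'ok'}")
```

Running such an audit before deploying a filter catches label actions that would set nothing or set an unnamed label, which would otherwise surface only as missing labels in the message filter.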