Filter Entrapper block transactions in the Web Log


This article applies to:

  • SWG 10.x
  • SWG 11.x

Question:

  • Is there a filter option to show Entrapper blocks only?

Procedure:

The Malware Entrapment engine, also known as Entrapper, was first introduced with SWG OS 10.1.

1. Go to Logs and Reports > Audit Logs, right-click the selected view and choose View Settings

2. In the Filter tab, use the settings below to show only Entrapper blocks out of all the log transactions available in the system:


This filter relies on the actual text of the user response action specified for this rule in your policy.

Below is a snapshot of the default End User Message as defined in the Default Security Policy:



And here is the snapshot of the actual text in the message:



If these settings are modified with custom settings make sure to update the suggested filter to reflect the custom settings.

Last Modified 11/24/2013.
https://support.trustwave.com/kb/KnowledgebaseArticle16283.aspx