Smart Search - Export to TRAP Integration¶

large

This integration requires a new alert source called ‘Proofpoint Smart Search - Export to TRAP’ to be configured on your PTR/TRAP 5.2.0 (or above) appliance. Consider enabling the match condition to move an email to quarantine that is available by default when you create the alert source or when you set up match conditions on your own based on desired workflows.

small

“Smart Search - Export to TRAP” Prerequisites¶

Important

Admin Portal Beta access is limited geographically to the US and EU at present.

See the following list of prerequisites to begin using this new workflow with respect to Smart Search as well as PTR/TRAP. If you are a PoD customer, but do not have the Admin Portal interface enabled for Smart Search, you can find instructions at this link to enable it.

Important

It could take a little over 1 hour after you upgrade your PTR/TRAP appliance to 5.2.0 or above for the ‘Export to TRAP’ button to start showing up on your Admin Portal interface.

medium

Note

How does Smart Search identify the correct PTR/TRAP instance?

Smart Search identifies the correct instance based on mapping a customer short name previously recorded by Proofpoint with the corresponding PTR/TRAP license key.

Configuring the New Alert Source on PTR/TRAP¶

You must add and enable a new alert source on PTR/TRAP for this integration to work, namely “Proofpoint Smart Search – Export to TRAP.” medium

Important

Note that this is a new alert source. It becomes effective with the release of PTR/TRAP 5.2.0 (and above) and is distinct from the Proofpoint Smart Search alert source for uploading CSV imports available in PTR/TRAP.

Configuring the alert source is straightforward. The settings include a name, description, polling interval and email notification preference. The minimum/default value of the polling interval is 1 min.

medium

Note

If you are running multiple PTR/TRAP appliances on a single license key, you should enable this new alert source only on one appliance. If this alert source is created and enabled on multiple appliances, it would be impossible to determine which of them will receive and process alerts from Smart Search in Admin Portal. As a result, alerts may be wrongly processed by an appliance which is not setup to quarantine any messages referenced by these alerts.

Configuring the Match Condition for the “Smart Search - Export to TRAP” Alert Source¶

While multiple workflows can be executed from a Smart Search export,, the most common use-case is to quarantine emails. This can be set up as an automated action using match conditions on the “Smart Search – Export to TRAP” alert source. The screenshot below shows the recommended configuration.

medium

Note that the match condition is disabled by default and must be enabled on the alert source.