In Netskope's Skope IT, the accessmethod filter is used to differentiate the source of traffic and events. To isolate events originating specifically from endpoints with the Netskope agent installed, the correct filter value is Client. This action effectively filters out events from other sources, such as API-based policies (API Connector), network tunnels (IPsec, GRE), or other forwarding methods. Selecting Client directly achieves the user's goal of viewing only logs generated by the Netskope client.

B. The Tunnel value for the accessmethod filter would show traffic forwarded from network-level IPsec or GRE tunnels, not from the endpoint client.

C. Logs is not a valid or recognized value for the accessmethod filter within the Skope IT interface.

D. Using the neq (not equal) operator would show all events except those from the Netskope client, which is the opposite of the stated requirement.

1. Netskope Official Documentation

"Skope IT Filters": This document details the available filters within the Skope IT interface. It explicitly lists Access Method as a primary filter and Client as a value to isolate traffic steered by the Netskope Client. It also defines other access methods like API Connector

IPsec

and GRE

confirming why the other options are incorrect. (Accessed via Netskope Support Portal

specific document ID varies with version).

2. Netskope Official Documentation

"Skope IT Page Overview": This guide explains the functionalities of the Skope IT pages (Application Events

Alerts

Page Events

Network Events). It describes how to build queries using filters like accessmethod to narrow down results. The documentation confirms that accessmethod: Client is the standard query syntax for filtering client-generated traffic. (Accessed via Netskope Support Portal).