Identifying/finding sites which trigger alerts

Hello all,

maybe this is a stupid question, but I find it somewhat difficult to identify individual web pages that trigger alerts by whatever means using “web insight”.

For example, we have had some users who have visited at least questionable websites (e.g. tornadomovies), which are themselves kind of malware slingers or at least legal questionable. In Zscaler itself, we now see alerts not for tornadomovies, but for all sorts of other linked websites or embedded features. But identifying the “root-cause”-page is quite cumbersome/time consuming. NSS Streaming to Microsoft CAD helps, but does not solve the problem.

Is there any solution to distinguish between actively accessed sites (when the user is manually entering the URL in a browser) and indirectly accessed sites/services? What I have in mind is some kind of “tree”-view for particular webpages.

Ideas anyone? Maybe I just missed a filter or something :slight_smile:

Thanks and BR
Manuel