Web Protection in Nebula monitors both incoming and outgoing web traffic for any malicious activity. If it detects any malicious outgoing web traffic, you can review it in Nebula on the Monitor > Detection Center > Detection Log page. From there, apply a filter to the Type column for Outbound Connections.
Once the filtered list of outbound connections displays, click on a threat name to open the detection details and locate the associated process name.
Outbound web detection blocks from known web browser processes, such as Microsoft Edge or Google Chrome, can be expected while end users are browsing the internet. ThreatDown researchers actively monitor the internet for malicious IP addresses and domains to proactively protect endpoints.
Outbound web detections from non-web browser-related processes are unusual. If you encounter these, contact Support.
If you believe a blocked IP address or domain is a false positive, Report a false positive to ThreatDown.