Shows theoretical attacker reachability — every hop an attack takes and which control blocks it. Unlike Security Preview (policy verdict simulation), this maps the full kill chain topology.
evil-login-page.com resolves to 185.234.x.x
Domain matched phishing category — DNS sinkhole applied
Traffic enters via sg-gw-01
HTTPS traffic on port 443 — permitted by default outbound rule
TLS 1.3 session decrypted for content inspection
Short-lived leaf cert issued, full payload visible to downstream inspectors
URL matched phishing category with 94% confidence
Category: Phishing — action: DENY with block page displayed to user
Would inspect for credential harvesting patterns
Not reached — blocked at URL filter (hop 4)
internal-crm.corp.local
Target application — not reached due to block at hop 4