In the alert details please include the process ID of any outbound/inbound threat blocked. At the moment it appears all we get is application name, destination IP and port. Application alone is ambiguous when there are multiple threads/copies resident. For example Chrome could have hundreds of threads active at any one time (at least for me). If the 'blocked threat' alert pops it's impossible to determine which window and/or tab (if any), or other process was responsible. Just that it was Chrome. Additional detail, even if only the process ID responsible/targeted, would go a LONG way towards figuring out why Chrome was making such an attempt. Inbound may be problematical assuming it's difficult to gather process info based upon what's listening at the destination port, so if this is too costly so be it. Outbound is what really matters, again at least to me. Given the process ID I can track down which Chrome window/tab was responsible (assuming it was a specific one) and hopefully narrow down what might have triggered the attempt.
This is assuming there's no specific reason for not including this detail...?
Thanks for listening.
